External C2, IE COM Objects and how to use them for Command and Control - MDSec
Common Information
Type Value
UUID b00d1b99-6b1d-4233-b798-a2adbe7c6e40
Fingerprint 8879871639f40915
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 15, 2019, 9:47 a.m.
Added to db Jan. 18, 2023, 11:28 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline External C2, IE COM Objects and how to use them for Command and Control
Title External C2, IE COM Objects and how to use them for Command and Control - MDSec
Detected Hints/Tags/Attributes 42/2/20
Attributes
Type | #Events | CTI Value | Attribute
Domain | 707 | | google.com
Domain | 21 | | server.py
Domain | 23 | | www.cobaltstrike.com
Domain | 10 | | blog.xpnsec.com
Domain | 4128 | | github.com
File | 263 | | iexplore.exe
File | 271 | | chrome.exe
File | 1209 | | powershell.exe
File | 323 | | winword.exe
File | 376 | | wscript.exe
File | 1122 | | svchost.exe
File | 19 | | server.py
File | 1 | | externalc2spec.pdf
Github username | 2 | | ryhanson
Url | 2 | | https://google.com/.
Url | 1 | | https://www.cobaltstrike.com/downloads/externalc2spec.pdf
Url | 1 | | https://www.cobaltstrike.com/help-externalc2
Url | 1 | | https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework
Url | 1 | | https://github.com/ryhanson/externalc2
Url | 1 | | https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction