A Deep Dive into Cobalt Strike Malleable C2 - Threatexpress
Common Information
Type Value
UUID ce42208b-cae1-4505-80e5-b6ddcd035337
Fingerprint 64525b78313ad682
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 1, 2019, midnight
Added to db Jan. 19, 2023, 12:05 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline A Deep Dive into Cobalt Strike Malleable C2
Title A Deep Dive into Cobalt Strike Malleable C2 - Threatexpress
Detected Hints/Tags/Attributes 52/1/31
Attributes
Details Type #Events CTI Value
Details Domain 4128
github.com
Details Domain 1
bluescreenofjeff.com
Details Domain 23
www.cobaltstrike.com
Details Domain 10
blog.cobaltstrike.com
Details Domain 41
www.google-analytics.com
Details Domain 9
ajax.aspnetcdn.com
Details Domain 768
www.youtube.com
Details File 2
%windir%\sysnative\svchost.exe
Details File 218
min.js
Details File 18
ga.js
Details File 3
ajax.asp
Details File 1260
explorer.exe
Details Github username 9
threatexpress
Details Github username 6
rsmudge
Details Url 1
https://github.com/threatexpress/malleable-c2
Details Url 1
https://bluescreenofjeff.com/2017-01-24-how-to-write-malleable-c2-profiles-for-cobalt-strike
Details Url 2
https://github.com/threatexpress/malleable-c2.
Details Url 1
https://www.cobaltstrike.com/help-malleable-c2#validssl
Details Url 2
https://www.cobaltstrike.com/help-smb-beacon
Details Url 2
https://www.cobaltstrike.com/help-dns-beacon
Details Url 2
https://blog.cobaltstrike.com/2013/06/28/staged-payloads-what-pen-testers-should-know
Details Url 2
http://www.google-analytics.com/ga.js
Details Url 1
https://ajax.aspnetcdn.com/ajax/jquery/jquery-3.3.1.min.js
Details Url 1
https://blog.cobaltstrike.com/2018/02/08/in-memory-evasion
Details Url 1
https://www.youtube.com/playlist?list=pl9ho6m_mu2nc5q31qd2cwpz8j4kfmhgnk
Details Url 1
https://www.cobaltstrike.com/help-http-beacon.
Details Url 4
https://www.cobaltstrike.com/help-malleable-c2
Details Url 1
https://github.com/rsmudge/malleable-c2-profiles
Details Url 1
https://bluescreenofjeff.com/2017-08-30-randomized-malleable-c2-profiles-made-easy
Details Url 1
https://blog.cobaltstrike.com/2016/12/08/cobalt-strike-3-6-a-path-for-privilege-escalation
Details Url 1
https://blog.cobaltstrike.com/2014/07/16/malleable-command-and-control