CobaltStrikeParser/parse_beacon_config.py at master · Sentinel-One/CobaltStrikeParser
Common Information
Type                               Value
UUID                               cf0d737f-72dc-40d0-82a5-6f6131916a50
Fingerprint                        c4f01739fa01c0c8
Analysis status                    DONE
Considered CTI value               0
Text language
Published                          Dec. 15, 2021, midnight
Added to db                        Sept. 26, 2022, 9:30 a.m.
Last updated                       Nov. 18, 2024, 4:35 a.m.
Headline                           UNKNOWN
Title                              CobaltStrikeParser/parse_beacon_config.py at master · Sentinel-One/CobaltStrikeParser
Detected Hints/Tags/Attributes     26/1/27
Attributes
Type              #Events   Value                                                                     CTI Value
Domain            1176      gmail.com
Domain            4128      github.com
Domain            3         cobaltstrikescan.py
Domain            1         dio.read
Domain            23        www.cobaltstrike.com
Domain            1         usualsuspect.re
Domain            12        self.data
Domain            1         fobj.read
Domain            54        re.search
Domain            48        pefile.pe
Email             1         gkristal.w@gmail.com
File              3         parse_beacon_config.py
File              3         cobaltstrikescan.py
File              16        self.dat
File              3         self.bin
File              50        hashlib.md5
File              2         self.settings
File              2         self.ini
File              6         self.exe
File              1         confconsts.config
File              1         parsed_setting.key
File              5         b'.dat
File              1         args.json
Github username   23        jpcertcc
Url               2         https://github.com/jpcertcc/aa-tools/blob/master/cobaltstrikescan.py
Url               4         https://www.cobaltstrike.com/help-malleable-c2
Url               1         https://usualsuspect.re/article/cobalt-strikes-malleable-c2-under-the-hood