Pointer: Hunting Cobalt Strike globally
Common Information
| Type | Value |
| --- | --- |
| UUID | f8c6119a-c7cf-4e65-aeab-abb0f2701403 |
| Fingerprint | 9e19f3d11220918e |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 21, 2021, 7:58 a.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Pointer: Hunting Cobalt Strike globally |
| Title | Pointer: Hunting Cobalt Strike globally |
| Detected Hints/Tags/Attributes | 55/1/11 |
Attributes
| Type | #Events | CTI | Value |
| --- | --- | --- | --- |
| Domain | 105 | | domain.com |
| Domain | 361 | | attack.mitre.org |
| Domain | 3 | | www.randhome.io |
| Domain | 44 | | docs.aws.amazon.com |
| File | 1 | | configuration-concurrency.html |
| Threat Actor Identifier - APT | 297 | | APT27 |
| Url | 2 | | http://domain.com |
| Url | 7 | | https://attack.mitre.org/software/s0154 |
| Url | 2 | | https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit |
| Url | 1 | | https://engineering.opsgenie.com/how-does-proportional-cpu-allocation-work-with-aws-lambda-41cd44da3cac |
| Url | 1 | | https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html |