← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Hiding a beacon in a jquery
WHITE AlienVault 2018-11-26 Modified: 2018-11-26
5
IOCs
LOW VOLUME
It’s easy to find yourself as a malware researcher looking at some unimaginative samples, which can be good for learning but sometimes you find one that someone actually invested some time into. While ripping this apart I noticed that most of the setup was mimicking a CobaltStrike setup from a redteam blog.
Indicators of Compromise (5)
All YARA FileHash-SHA256 hostname
TYPEINDICATORDESCRIPTIONCREATED
YARA 1a0e8378ea9ec0c7ccd752415c1c4388737e9b0c 2018-11-26
YARA 01efb50be957a011c4f995bf41fcbfd5e8111537 2018-11-26
FileHash-SHA256 6176941029763c6d91d408f3d63f1006de97eba45cb891b6a55f538d299b8a8c 2018-11-26
FileHash-SHA256 cba2820381969252a90caec4cb517cdafc9e01fd77aae7183e695211dc2756dd 2018-11-26
hostname jquery.amazoncdn.org 2018-11-26
References (1)
↗ https://sysopfb.github.io/malware,/reverse-engineering/2018/10/08/Beacon-in-a-jquery.html