Pulse Detail — Threat Intelligence

PULSE NAME

Cobalt Strike Beacon profiles

WHITE BinaryDefense 2022-01-04 Modified: 2022-02-03

IOCs

MEDIUM VOLUME

Servers at all of these IP addresses provided a Cobalt Strike Beacon stager profile. Many of them used stolen or pirated copies of Cobalt Strike. That doesn't mean they are all threat actors, but it is worth investigating any communication with these IP addresses coming from your network.

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

Cobalt Strike

Indicators of Compromise (33)

All hostname domain URL

TYPE	INDICATOR	DESCRIPTION	CREATED
hostname	d17vo3ygjck7t2.cloudfront.net	—	2022-01-04
hostname	cdn.update.microsoft.com.w.kunluncan.com	—	2022-01-04
hostname	account.balalahuangzi.xyz	—	2022-01-04
hostname	service-37dngpmv-1307089625.sh.apigw.tencentcs.com	—	2022-01-04
hostname	google.ocdscc.tk	—	2022-01-04
hostname	www.akillz.tk	—	2022-01-04
domain	cuphq.com	—	2022-01-04
hostname	service-93o7d48a-1252917766.gz.apigw.tencentcs.com	—	2022-01-04
hostname	r2t7g6v3.hostrycdn.com	—	2022-01-04
hostname	www.bsbbsb.xyz	—	2022-01-04
hostname	www.agoegations.com	—	2022-01-04
hostname	service-9w2jqesu-1258891987.hk.apigw.tencentcs.com	—	2022-01-04
hostname	www.h0rn3t.xyz	—	2022-01-04
hostname	www.shangxueba.com	—	2022-01-04
hostname	fnmsdtx.aliyundemo.com	—	2022-01-04
domain	aspnet0sys.tk	—	2022-01-04
domain	fedex-global.com	—	2022-01-04
URL	http://paydayholiday.me/admin/get.php	—	2022-01-04
domain	paydayholiday.me	—	2022-01-04
hostname	www.cyberevilcorp.tk	—	2022-01-04
hostname	store.nwwwamazon.ga	—	2022-01-04
hostname	service-lpremg76-1308287512.gz.apigw.tencentcs.com	—	2022-01-04
domain	myteamserver.online	—	2022-01-04
domain	upsawanna.com	—	2022-01-04
domain	shemsut.com	—	2022-01-04
hostname	auth.limanowa.top	—	2022-01-04
hostname	cs.microsofter.cf	—	2022-01-04
hostname	www.mini-cn.com	—	2022-01-04
hostname	cs.bronya.ml	—	2022-01-04
hostname	service-f68ks02s-1302530070.gz.apigw.tencentcs.com	—	2022-01-04
hostname	service-qjngm1n2-1305965917.gz.apigw.tencentcs.com	—	2022-01-04
hostname	cobalt.crimsoncore.be	—	2022-01-04
hostname	www.superqq.top	—	2022-01-04