Pulse Detail — Threat Intelligence

PULSE NAME

ACTIVIDAD MALICIOSA | referente a Cobalt Strike hasta 09-02-2023

WHITE esoporteingenieria2020 2023-02-09 Modified: 2023-03-11

274

IOCs

HIGH VOLUME

Here is a full list of highlights from the BBC News website's live coverage of the 2016 Olympics in Rio de Janeiro, Brazil, and the Paralympic Games in London, which will take place on Thursday, 22 February 2016.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1001 T1003 T1005 T1007 T1012 T1016 T1018 T1021 T1027 T1029 T1030 T1046 T1047 T1049 T1055 T1056 T1057 T1059 T1068 T1069 T1070 T1071 T1078 T1083 T1087 T1090 T1095 T1105 T1106 T1112 T1113 T1132 T1134 T1135 T1137 T1140 T1185 T1197 T1203 T1218 T1518 T1543 T1548 T1550 T1553 T1562 T1564 T1569

MALWARE FAMILIES

Cobalt Strike

Indicators of Compromise (274)

All hostname URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
hostname	war3.u2pic.us	—	2023-02-09
URL	http://1.15.247.249:8086	—	2023-02-09
URL	http://100.42.70.27:234/cx	—	2023-02-09
URL	http://101.34.163.3:8888	—	2023-02-09
URL	http://101.43.122.222/push	—	2023-02-09
URL	http://101.43.122.222:80	—	2023-02-09
URL	http://106.75.227.134:443	—	2023-02-09
URL	http://106.75.85.32:443/en_US/all.js	—	2023-02-09
URL	http://107.172.206.242:444	—	2023-02-09
URL	http://107.172.206.242:444/pixel.gif	—	2023-02-09
URL	http://107.172.208.88/ca	—	2023-02-09
URL	http://107.172.208.88:443	—	2023-02-09
URL	http://108.165.178.42/push	—	2023-02-09
URL	http://108.165.178.43:80	—	2023-02-09
URL	http://116.62.168.211/cm	—	2023-02-09
URL	http://116.62.168.211:80	—	2023-02-09
URL	http://117.52.18.132:80	—	2023-02-09
URL	http://118.194.252.253:9000	—	2023-02-09
URL	http://120.46.219.85:808	—	2023-02-09
URL	http://121.4.57.81:443	—	2023-02-09
URL	http://124.223.173.83/en_US/all.js	—	2023-02-09
URL	http://124.223.173.83:80	—	2023-02-09
URL	http://124.223.22.86/dot.gif	—	2023-02-09
URL	http://134.209.104.25:4433	—	2023-02-09
URL	http://143.42.19.99/j.ad	—	2023-02-09
URL	http://143.42.19.99:80	—	2023-02-09
URL	http://147.78.47.141:80	—	2023-02-09
URL	http://159.138.24.94:80	—	2023-02-09
URL	http://159.223.178.111:443	—	2023-02-09
URL	http://159.253.120.205:443	—	2023-02-09
URL	http://159.253.120.205:8443	—	2023-02-09
URL	http://163.197.211.154/cm	—	2023-02-09
URL	http://163.197.211.154:80	—	2023-02-09
URL	http://172.245.129.218:443	—	2023-02-09
URL	http://172.81.62.92/owa/	—	2023-02-09
URL	http://172.81.62.92:80	—	2023-02-09
URL	http://180.184.71.14:443	—	2023-02-09
URL	http://182.61.6.63:9999	—	2023-02-09
URL	http://185.112.151.104:443	—	2023-02-09
URL	http://190.123.44.122:443	—	2023-02-09
URL	http://190.123.44.207:443	—	2023-02-09
URL	http://194.165.16.90:80	—	2023-02-09
URL	http://199.195.249.113:443	—	2023-02-09
URL	http://209.97.156.75:8080	—	2023-02-09
URL	http://213.252.246.35:443	—	2023-02-09
URL	http://37.220.87.31:443	—	2023-02-09
URL	http://42.192.195.250:4567	—	2023-02-09
URL	http://43.136.168.94:443	—	2023-02-09
URL	http://43.143.191.86:443	—	2023-02-09
URL	http://43.154.148.145:443	—	2023-02-09
URL	http://45.129.3.134:8443	—	2023-02-09
URL	http://45.145.231.204:666	—	2023-02-09
URL	http://45.151.144.159:81	—	2023-02-09
URL	http://45.88.221.91:808	—	2023-02-09
URL	http://46.161.40.118:443	—	2023-02-09
URL	http://47.100.215.156:80	—	2023-02-09
URL	http://47.90.244.75/dot.gif	—	2023-02-09
URL	http://47.90.244.75:80	—	2023-02-09
URL	http://47.92.115.123:4445/socialapiVersion=1.1	—	2023-02-09
URL	http://5.188.86.194/ptj	—	2023-02-09
URL	http://5.188.86.194:80	—	2023-02-09
URL	http://51.15.237.189:80	—	2023-02-09
URL	http://69.49.245.179:443	—	2023-02-09
URL	http://84.32.34.45:443	—	2023-02-09
URL	http://84.32.34.45:88	—	2023-02-09
URL	http://84.32.34.45:88/fwlink	—	2023-02-09
URL	http://87.251.64.176:443	—	2023-02-09
URL	http://94.102.49.104:4433	—	2023-02-09
URL	http://service-cetz3fn1-1308943111.sh.apigw.tencentcs.com:443/api/jquery.fancybox.min.js	—	2023-02-09
URL	http://thefirstupd.com:443/jquery-3.3.1.min.js	—	2023-02-09
URL	http://war3.u2pic.us:666/fwlink	—	2023-02-09
URL	https://106.75.227.134/search/	—	2023-02-09
URL	https://107.172.208.88/ga.js	—	2023-02-09
URL	https://159.253.120.205:8443/espoint	—	2023-02-09
URL	https://212.193.30.14/jquery-3.3.1.min.js	—	2023-02-09
URL	https://213.252.246.35/ptj	—	2023-02-09
URL	https://37.220.87.31/en_US/all.js	—	2023-02-09
URL	https://43.156.34.251:42424/api/QueryUsersInfo	—	2023-02-09
URL	https://87.251.64.176/match	—	2023-02-09
URL	https://didimutele.com/trouble.webm	—	2023-02-09
URL	https://fixx.sbs/g.pixel	—	2023-02-09
URL	https://lelele.barycallebaut.co/jquery-3.3.1.min.js	—	2023-02-09
URL	https://microsoft-edu.com/espoint	—	2023-02-09
URL	https://pj.flyvpncrack.com/ca	—	2023-02-09
domain	didimutele.com	—	2023-02-09
domain	microsoft-edu.com	—	2023-02-09
domain	thefirstupd.com	—	2023-02-09
hostname	lelele.barycallebaut.co	—	2023-02-09
hostname	pj.flyvpncrack.com	—	2023-02-09
hostname	service-cetz3fn1-1308943111.sh.apigw.tencentcs.com	—	2023-02-09
URL	http://103.142.246.194:8080	—	2023-02-09
URL	http://106.75.227.134/search/	—	2023-02-09
URL	http://107.148.130.152:443	—	2023-02-09
URL	http://107.173.111.16:443	—	2023-02-09
URL	http://108.165.178.42:443	—	2023-02-09
URL	http://108.165.178.43:443	—	2023-02-09
URL	http://118.194.252.253:9000/visit.js	—	2023-02-09
URL	http://119.91.148.9/push	—	2023-02-09
URL	http://119.91.148.9:80	—	2023-02-09
URL	http://120.27.94.139:62080/activity	—	2023-02-09
URL	http://124.223.215.12:80	—	2023-02-09
URL	http://156.232.11.5:443	—	2023-02-09
URL	http://159.138.5.204:443	—	2023-02-09
URL	http://159.138.5.204:443/push	—	2023-02-09
URL	http://159.138.5.204:443/submit.php	—	2023-02-09
URL	http://162.254.200.241/en_US/all.js	—	2023-02-09
URL	http://162.254.200.241:443	—	2023-02-09
URL	http://162.254.200.241:80	—	2023-02-09
URL	http://185.225.74.52:443/favicon.js	—	2023-02-09
URL	http://192.144.205.168:443	—	2023-02-09
URL	http://192.3.127.174:51001/ga.js	—	2023-02-09
URL	http://198.211.9.165/load	—	2023-02-09
URL	http://198.211.9.165:443	—	2023-02-09
URL	http://198.211.9.165:80	—	2023-02-09
URL	http://198.251.68.79/pixel	—	2023-02-09
URL	http://198.251.68.79:80	—	2023-02-09
URL	http://201.93.47.22:443	—	2023-02-09
URL	http://208.67.105.87:12338/push	—	2023-02-09
URL	http://212.193.30.14:8080/jquery-3.3.1.min.js	—	2023-02-09
URL	http://213.252.245.68:443	—	2023-02-09
URL	http://216.238.70.220:443	—	2023-02-09
URL	http://221.14.145.37/cm	—	2023-02-09
URL	http://221.14.145.37/submit.php	—	2023-02-09
URL	http://221.14.145.37:80	—	2023-02-09
URL	http://23.95.67.59:8443	—	2023-02-09
URL	http://43.129.158.87:8880	—	2023-02-09
URL	http://43.139.78.242:8090/__utm.gif	—	2023-02-09
URL	http://43.142.18.173:443	—	2023-02-09
URL	http://45.12.253.139:443/an.js	—	2023-02-09
URL	http://45.56.100.192:9090/match	—	2023-02-09
URL	http://45.61.186.121:443	—	2023-02-09
URL	http://49.4.88.243:82/match	—	2023-02-09
URL	http://5.57.245.135:7081/match	—	2023-02-09
URL	http://67.207.90.203:443	—	2023-02-09
URL	http://81.161.229.119:10443	—	2023-02-09
URL	http://81.70.11.25:9999/j.ad	—	2023-02-09
URL	http://82.156.177.149:443	—	2023-02-09
URL	http://84.247.51.87:10443	—	2023-02-09
URL	http://84.32.131.91:8080	—	2023-02-09
URL	http://84.32.34.45:80	—	2023-02-09
URL	http://87.251.64.176/pixel.gif	—	2023-02-09
URL	http://87.251.64.176:80	—	2023-02-09
URL	http://88.214.27.53:50004/push	—	2023-02-09
URL	http://91.213.50.75:8010/fwlink	—	2023-02-09
URL	http://91.215.85.176:83	—	2023-02-09
URL	http://fixx.sbs/__utm.gif	—	2023-02-09
URL	http://goodsport2023.win/cx	—	2023-02-09
URL	http://resolve-address.ddns.net:10443/updates.rss	—	2023-02-09
URL	http://service-4xrjz1wg-1253795072.gz.apigw.tencentcs.com:443/api/auth/v1/log	—	2023-02-09
URL	http://windowsupdate-cdn.click:8880/ga.js	—	2023-02-09
URL	http://www.microsofe.xyz:8080/cm	—	2023-02-09
URL	https://107.148.130.152/updates.rss	—	2023-02-09
URL	https://107.173.111.16/ga.js	—	2023-02-09
URL	https://108.165.178.42/updates.rss	—	2023-02-09
URL	https://124.223.182.22:10009/api/x	—	2023-02-09
URL	https://125.76.247.137/en-us/silentauth	—	2023-02-09
URL	https://134.209.104.25:4433/push	—	2023-02-09
URL	https://138.124.180.171:8080/fwlink	—	2023-02-09
URL	https://156.232.11.5/pixel	—	2023-02-09
URL	https://162.254.200.241/pixel.gif	—	2023-02-09
URL	https://195.189.99.65:999/__utm.gif	—	2023-02-09
URL	https://198.211.9.165/pixel.gif	—	2023-02-09
URL	https://208.67.105.87:13443/cx	—	2023-02-09
URL	https://213.252.245.68/en_US/all.js	—	2023-02-09
URL	https://42.193.23.91:8080/ca	—	2023-02-09
URL	https://42.81.85.224/en-us/silentauth	—	2023-02-09
URL	https://45.207.58.57:2080/load	—	2023-02-09
URL	https://45.32.121.12:8443/jquery-3.3.1.min.js	—	2023-02-09
URL	https://dns-google.net:8443/updates.rss	—	2023-02-09
URL	https://playfish.fun:6001/visit.js	—	2023-02-09
URL	https://prod.risio.co.in/messages/B1fOncrhSeI1hn7Cj6qJmsSz7SYcUuCea8	—	2023-02-09
URL	https://service-98cbalut-1302394400.sh.apigw.tencentcs.com:443/api/x	—	2023-02-09
URL	https://service-cetz3fn1-1308943111.sh.apigw.tencentcs.com/api/jquery.fancybox.min.js	—	2023-02-09
URL	https://uranustechsolution.com/an.js	a6ac590ac8eecb42b6b02044e18a6c5464ea03ea5e026ce3b95280633956a0c3	2023-02-09
domain	dns-google.net	—	2023-02-09
domain	goodsport2023.win	—	2023-02-09
domain	playfish.fun	—	2023-02-09
domain	windowsupdate-cdn.click	—	2023-02-09
hostname	prod.risio.co.in	—	2023-02-09
hostname	resolve-address.ddns.net	—	2023-02-09
hostname	service-4xrjz1wg-1253795072.gz.apigw.tencentcs.com	—	2023-02-09
hostname	service-98cbalut-1302394400.sh.apigw.tencentcs.com	—	2023-02-09
hostname	www.microsofe.xyz	—	2023-02-09
URL	http://103.127.124.139:2053	—	2023-02-09
URL	http://103.127.124.139:2096	—	2023-02-09
URL	http://103.142.246.194:8443	—	2023-02-09
URL	http://103.149.200.79:9530/dpixel	—	2023-02-09
URL	http://103.149.200.79:9530/ptj	—	2023-02-09
URL	http://103.215.223.119:80	—	2023-02-09
URL	http://103.215.81.189:6688/fwlink	—	2023-02-09
URL	http://103.241.73.58:443	—	2023-02-09
URL	http://103.87.240.167/ga.js	—	2023-02-09
URL	http://103.87.240.167:80	—	2023-02-09
URL	http://104.207.152.82:82/dpixel	—	2023-02-09
URL	http://106.126.12.87:8808	—	2023-02-09
URL	http://107.151.203.95:20000/jquery-3.3.1.min.js	—	2023-02-09
URL	http://107.174.186.22:6666/load	—	2023-02-09
URL	http://107.174.27.242:5556/g.pixel	—	2023-02-09
URL	http://108.163.207.38/ga.js	—	2023-02-09
URL	http://108.163.207.38:443	—	2023-02-09
URL	http://108.163.207.38:80	—	2023-02-09
URL	http://109.172.45.111:443	—	2023-02-09
URL	http://109.172.45.111:80	—	2023-02-09
URL	http://109.172.45.38:443	—	2023-02-09
URL	http://109.172.45.85:801	—	2023-02-09
URL	http://120.77.1.92:8000	—	2023-02-09
URL	http://120.77.18.249:55555/ptj	—	2023-02-09
URL	http://124.223.22.86:80	—	2023-02-09
URL	http://124.70.92.91/dpixel	—	2023-02-09
URL	http://124.70.92.91:80	—	2023-02-09
URL	http://137.184.10.204:80	—	2023-02-09
URL	http://139.177.146.20/en_US/all.js	—	2023-02-09
URL	http://139.177.146.20:80	—	2023-02-09
URL	http://175.178.40.166:443	—	2023-02-09
URL	http://176.124.211.37:8080/ptj	—	2023-02-09
URL	http://177.135.180.180/match	—	2023-02-09
URL	http://179.60.147.196/bm.html	—	2023-02-09
URL	http://179.60.147.196:80	—	2023-02-09
URL	http://180.184.84.232:443	—	2023-02-09
URL	http://180.76.247.230:2345	—	2023-02-09
URL	http://185.254.37.182:443	—	2023-02-09
URL	http://192.227.232.195:80	—	2023-02-09
URL	http://209.141.36.163/css/jquery.min.js	—	2023-02-09
URL	http://209.141.36.163:80	—	2023-02-09
URL	http://212.118.39.116/ptj	—	2023-02-09
URL	http://212.118.39.116:80	—	2023-02-09
URL	http://212.118.39.116:8080	—	2023-02-09
URL	http://216.127.164.252/g.pixel	—	2023-02-09
URL	http://216.127.164.252:80	—	2023-02-09
URL	http://23.105.215.114:443	—	2023-02-09
URL	http://23.227.203.70:443	—	2023-02-09
URL	http://23.227.203.70:80	—	2023-02-09
URL	http://23.234.41.225:8081/ga.js	—	2023-02-09
URL	http://23.234.41.225:81/fwlink	—	2023-02-09
URL	http://23.234.41.226:8081	—	2023-02-09
URL	http://43.129.158.87:8082/fwlink	—	2023-02-09
URL	http://43.129.88.120:63011/Uploads/images/malleables/001.png	—	2023-02-09
URL	http://45.145.230.248:8090/visit.js	—	2023-02-09
URL	http://45.32.157.106:2083	—	2023-02-09
URL	http://45.61.188.128:443	—	2023-02-09
URL	http://45.88.221.91:808/image/	—	2023-02-09
URL	http://69.176.94.39:6666/image/	—	2023-02-09
URL	http://8.130.9.56/fwlink	—	2023-02-09
URL	http://8.130.9.56:80	—	2023-02-09
URL	http://81.161.229.111:4433	—	2023-02-09
URL	http://82.157.163.90:80	—	2023-02-09
URL	http://89.188.222.22/match	—	2023-02-09
URL	http://appdevtechnology.com:801/massaction	—	2023-02-09
URL	http://aspnetcenter.com/da.html	—	2023-02-09
URL	http://www.google-dns.cloud:2053/j.ad	—	2023-02-09
URL	https://103.241.73.58/cx	—	2023-02-09
URL	https://107.174.186.22:8091/updates.rss	—	2023-02-09
URL	https://108.163.207.38/dpixel	—	2023-02-09
URL	https://157.90.240.174:63443/updates.rss	—	2023-02-09
URL	https://175.178.40.166/ca	—	2023-02-09
URL	https://185.254.37.182/index.htm	—	2023-02-09
URL	https://23.94.255.18:4431/ikklmsubgfmsaswge/	—	2023-02-09
URL	https://aspnetcenter.com/ch	—	2023-02-09
URL	https://cs45.meiiqia.com/www/handle/doc	—	2023-02-09
URL	https://dns-google.net:2096/push	—	2023-02-09
URL	https://f495b6ab9dcf8d3b.info:2083/j.ad	—	2023-02-09
URL	https://kani-cn.bytedance.net.cdn.dnsv1.com.cn/www/handle/doc	—	2023-02-09
URL	https://nxsimdevelop.com/cs.js	—	2023-02-09
URL	https://www.microsofe.xyz:8443/en_US/all.js	—	2023-02-09
domain	aspnetcenter.com	—	2023-02-09
domain	audelr.com	—	2023-02-09
domain	csou.link	—	2023-02-09
domain	f495b6ab9dcf8d3b.info	—	2023-02-09
domain	integrated-security.net	—	2023-02-09
domain	nxsimdevelop.com	—	2023-02-09
domain	uranustechsolution.com	—	2023-02-09
hostname	cs45.meiiqia.com	—	2023-02-09
hostname	kani-cn.bytedance.net.cdn.dnsv1.com.cn	—	2023-02-09
hostname	www.google-dns.cloud	—	2023-02-09

References (2)

↗ https://threatfox.abuse.ch/browse.php?search=malware%3ACobaltStrike+ ↗ https://www.alertasyseguridad.com/repositorio-ioc/