Pulse Detail — Threat Intelligence

PULSE NAME

ACTIVIDAD MALICIOSA | Relacionada con Cobalt Strike 25-07-2023

WHITE esoporteingenieria2020 2023-07-25 Modified: 2023-08-24

256

IOCs

HIGH VOLUME

Cobalt Strike es una herramienta usada para detectar vulnerabilidades de acceso al sistema. La herramienta en sí se usa normalmente para pruebas de software y para encontrar varios errores y fallos de seguridad. Sin embargo, el problema viene cuando los ciberdelincuentes se aprovechan de tales herramientas y Cobalt Strike no es una excepción Según la investigación, esas personas envían cientos de miles de correos basura con adjuntos maliciosos Microsoft Word diseñados para inyectar Cobalt Strike en el sistema.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1001 T1003 T1005 T1007 T1012 T1016 T1018 T1021 T1027 T1029 T1030 T1046 T1047 T1049 T1055 T1056

MALWARE FAMILIES

Cobalt Strike - S0154

Indicators of Compromise (256)

All URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://1.15.244.128:8088/__utm.gif	—	2023-07-25
URL	http://1.15.244.128:8088/activity	—	2023-07-25
URL	http://101.34.36.115:8067/__utm.gif	—	2023-07-25
URL	http://102.117.169.88:443	—	2023-07-25
URL	http://102.117.169.88:80	—	2023-07-25
URL	http://102.117.174.159:443	—	2023-07-25
URL	http://102.117.174.159:80	—	2023-07-25
URL	http://103.101.176.148:8032	—	2023-07-25
URL	http://103.143.81.170/jquery-3.3.1.min.js	—	2023-07-25
URL	http://103.143.81.170:80	—	2023-07-25
URL	http://103.242.132.184:2095/dot.gif	—	2023-07-25
URL	http://103.242.132.184:2096/en_US/all.js	—	2023-07-25
URL	http://103.57.228.99:443	—	2023-07-25
URL	http://103.57.228.99:8443	—	2023-07-25
URL	http://111.229.97.178/ga.js	—	2023-07-25
URL	http://111.229.97.178:80	—	2023-07-25
URL	http://111.230.111.193:88/introduction/edr	—	2023-07-25
URL	http://111.67.194.17:8081/ga.js	—	2023-07-25
URL	http://111.67.194.17:8888/dot.gif	—	2023-07-25
URL	http://111.67.199.43:60000/__utm.gif	—	2023-07-25
URL	http://114.132.156.55:443	—	2023-07-25
URL	http://114.132.172.91/j.ad	—	2023-07-25
URL	http://114.132.76.18:8080/ca	—	2023-07-25
URL	http://114.55.244.175:8888/g.pixel	—	2023-07-25
URL	http://116.204.65.190:8099/en_US/all.js	—	2023-07-25
URL	http://116.204.71.232:8007/sugrec	—	2023-07-25
URL	http://116.204.85.141/dpixel	—	2023-07-25
URL	http://116.63.173.221:443	—	2023-07-25
URL	http://118.195.181.106:443	—	2023-07-25
URL	http://118.31.70.238/ptj	—	2023-07-25
URL	http://118.31.70.238:80	—	2023-07-25
URL	http://119.13.90.176:9000/fwlink	—	2023-07-25
URL	http://119.18.157.142:443	—	2023-07-25
URL	http://119.45.243.177:8080/article/details	—	2023-07-25
URL	http://119.91.31.184:808/jquery-3.3.1.min.js	—	2023-07-25
URL	http://120.25.207.14:60032/pixel	—	2023-07-25
URL	http://120.26.46.50:8873/ca	—	2023-07-25
URL	http://120.46.210.49/j.ad	—	2023-07-25
URL	http://120.46.210.49:80	—	2023-07-25
URL	http://120.46.210.49:90/__utm.gif	—	2023-07-25
URL	http://120.55.240.205:8080/j.ad	—	2023-07-25
URL	http://121.196.198.11:32000	—	2023-07-25
URL	http://121.37.198.144/match	—	2023-07-25
URL	http://121.37.27.3:6666/dpixel	—	2023-07-25
URL	http://121.40.234.72:10010/j.ad	—	2023-07-25
URL	http://122.152.237.207:81/dot.gif	—	2023-07-25
URL	http://123.60.156.17/api/x	—	2023-07-25
URL	http://123.60.156.17:80	—	2023-07-25
URL	http://124.220.28.253/ca	—	2023-07-25
URL	http://124.220.58.136:443	—	2023-07-25
URL	http://124.221.58.61:53	—	2023-07-25
URL	http://124.222.57.223:8081/static/js/jquery3.2.1.js	—	2023-07-25
URL	http://124.223.91.53:88/IE9CompatViewList.xml	—	2023-07-25
URL	http://124.223.91.53:88/ptj	—	2023-07-25
URL	http://124.71.26.85:8088/visit.js	—	2023-07-25
URL	http://125.128.113.108:8443	—	2023-07-25
URL	http://128.199.192.131:443	—	2023-07-25
URL	http://139.155.139.51/www/handle/doc	—	2023-07-25
URL	http://139.155.139.51:80	—	2023-07-25
URL	http://139.159.196.229:8065/match	—	2023-07-25
URL	http://139.162.74.42:443	—	2023-07-25
URL	http://139.9.41.77:9000/g.pixel	—	2023-07-25
URL	http://141.164.49.27:443	—	2023-07-25
URL	http://141.255.156.123:443	—	2023-07-25
URL	http://146.70.161.20:443	—	2023-07-25
URL	http://149.28.186.74:443	—	2023-07-25
URL	http://149.28.82.193:8080/cm	—	2023-07-25
URL	http://15.235.147.187:20000/match	—	2023-07-25
URL	http://150.158.53.87:2020/load	—	2023-07-25
URL	http://152.32.145.237:443	—	2023-07-25
URL	http://159.75.254.173:443	—	2023-07-25
URL	http://172.245.27.233:8080/dot.gif	—	2023-07-25
URL	http://172.86.127.13:8080/pixel.gif	—	2023-07-25
URL	http://173.82.235.208/dot.gif	—	2023-07-25
URL	http://173.82.235.208:80	—	2023-07-25
URL	http://175.178.213.12/introduction/edr	—	2023-07-25
URL	http://175.178.213.59/load	—	2023-07-25
URL	http://175.178.74.238:80	—	2023-07-25
URL	http://175.178.90.192:6603/dpixel	—	2023-07-25
URL	http://175.24.201.188:32000/match	—	2023-07-25
URL	http://175.27.223.111:443	—	2023-07-25
URL	http://175.27.223.111:80	—	2023-07-25
URL	http://180.76.99.119:18888/fwlink	—	2023-07-25
URL	http://182.86.188.66:4445/en_US/all.js	—	2023-07-25
URL	http://185.225.74.182:4444/load	—	2023-07-25
URL	http://185.225.74.182:4444/pixel.gif	—	2023-07-25
URL	http://192.227.155.185/jquery-3.3.1.min.js	—	2023-07-25
URL	http://194.50.153.13:80	—	2023-07-25
URL	http://195.133.23.90:53	—	2023-07-25
URL	http://2.58.15.233:443	—	2023-07-25
URL	http://201.95.130.179:443	—	2023-07-25
URL	http://208.70.76.100:8080/cm	—	2023-07-25
URL	http://208.70.76.100:9000/cm	—	2023-07-25
URL	http://209.141.42.26:443	—	2023-07-25
URL	http://23.224.61.113:4444/cm	—	2023-07-25
URL	http://23.225.40.130:443	—	2023-07-25
URL	http://23.234.254.155:8888/dpixel	—	2023-07-25
URL	http://23.234.254.155:8888/pixel	—	2023-07-25
URL	http://31.44.184.73/__utm.gif	—	2023-07-25
URL	http://38.147.172.224/match	—	2023-07-25
URL	http://38.54.33.188/ca	—	2023-07-25
URL	http://38.54.33.188/dpixel	—	2023-07-25
URL	http://38.54.33.188:80	—	2023-07-25
URL	http://38.54.33.188:8080	—	2023-07-25
URL	http://38.54.33.188:8443	—	2023-07-25
URL	http://38.60.47.63:443	—	2023-07-25
URL	http://39.99.45.71:3306/sugrec	—	2023-07-25
URL	http://43.128.106.190:6666/image/	—	2023-07-25
URL	http://43.134.228.170/activity	—	2023-07-25
URL	http://43.134.228.170:80	—	2023-07-25
URL	http://43.138.118.165/en_US/all.js	—	2023-07-25
URL	http://43.138.118.165:80	—	2023-07-25
URL	http://43.138.66.190/dpixel	—	2023-07-25
URL	http://43.138.66.190:80	—	2023-07-25
URL	http://43.139.56.249:8088/activity	—	2023-07-25
URL	http://43.143.175.212/__utm.gif	—	2023-07-25
URL	http://43.143.175.212:80	—	2023-07-25
URL	http://45.140.169.143/ca	—	2023-07-25
URL	http://45.140.169.21:8082/load	—	2023-07-25
URL	http://45.145.229.221/dpixel	—	2023-07-25
URL	http://45.145.229.221/j.ad	—	2023-07-25
URL	http://45.145.229.221:80	—	2023-07-25
URL	http://45.76.125.214:53	—	2023-07-25
URL	http://45.89.107.78/fwlink	—	2023-07-25
URL	http://45.89.107.78:80	—	2023-07-25
URL	http://45.94.42.61:18080/cx	—	2023-07-25
URL	http://46.21.153.175:80	—	2023-07-25
URL	http://46.30.41.210:88/en_US/all.js	—	2023-07-25
URL	http://47.100.170.9/ptj	—	2023-07-25
URL	http://47.100.170.9:80	—	2023-07-25
URL	http://47.100.215.156/dot.gif	—	2023-07-25
URL	http://47.100.249.61:4488/match	—	2023-07-25
URL	http://47.103.106.214:8080/activity	—	2023-07-25
URL	http://47.104.239.124:6603	—	2023-07-25
URL	http://47.106.117.218:60001/load	—	2023-07-25
URL	http://47.106.161.16:90/match	—	2023-07-25
URL	http://47.106.162.111:8888/activity	—	2023-07-25
URL	http://47.108.105.126:2080/ca	—	2023-07-25
URL	http://47.108.164.9:88/fwlink	—	2023-07-25
URL	http://47.111.99.111:8443	—	2023-07-25
URL	http://47.118.48.188:5555/activity	—	2023-07-25
URL	http://47.120.40.107/ca	—	2023-07-25
URL	http://47.120.40.107:80	—	2023-07-25
URL	http://47.47.34.246:80	—	2023-07-25
URL	http://47.93.60.109:8013/cx	—	2023-07-25
URL	http://47.94.222.211:6543/ca	—	2023-07-25
URL	http://47.99.45.68:443	—	2023-07-25
URL	http://49.232.214.202:8088/cm	—	2023-07-25
URL	http://49.234.46.112/fwlink	—	2023-07-25
URL	http://5.182.38.207:8084/submission.php	—	2023-07-25
URL	http://51.68.174.80:53	—	2023-07-25
URL	http://51.68.174.80:80	—	2023-07-25
URL	http://59.110.235.230:888/cm	—	2023-07-25
URL	http://60.205.207.32:45051/jquery-3.3.1.min.js	—	2023-07-25
URL	http://8.146.200.148:60000/ca	—	2023-07-25
URL	http://81.68.130.209/pixel.gif	—	2023-07-25
URL	http://81.68.130.209:80	—	2023-07-25
URL	http://82.156.148.36:30001/jquery-3.3.1.min.js	—	2023-07-25
URL	http://85.175.101.203/ptj	—	2023-07-25
URL	http://88.218.60.212/en_US/all.js	—	2023-07-25
URL	http://88.218.60.212:80	—	2023-07-25
URL	http://cerpotionfe.com/design/query/9X5M3SOE0F	—	2023-07-25
URL	http://cs.125nmlx-op125.top:8080/push	—	2023-07-25
URL	http://license.itekgroup.com:443/poll	—	2023-07-25
URL	http://license.werewolves.su:443/poll	—	2023-07-25
URL	http://plazar.xyz/__utm.gif	—	2023-07-25
URL	http://service-dafg2f39-1307026294.sh.apigw.tencentcs.com/ptj	—	2023-07-25
URL	http://service-jinjrw2r-1255936572.sh.apigw.tencentcs.com/cgi-bin/mmwebwx-bin/webwxgetcontact	—	2023-07-25
URL	http://tcessolution.com/btn_bg.html	—	2023-07-25
URL	http://vps.cpple.tk:8888/ca	—	2023-07-25
URL	http://vps.cpple.tk:8888/j.ad	—	2023-07-25
URL	http://xianxiaobai.top:8080/g.pixel	—	2023-07-25
URL	http://xianxiaobai.top:8087/pixel	—	2023-07-25
URL	https://1.117.169.18:10443/ga.js	—	2023-07-25
URL	https://1.15.247.249:8088/ptj	—	2023-07-25
URL	https://101.43.215.118/match	—	2023-07-25
URL	https://101.75.251.21/auth/data	—	2023-07-25
URL	https://104.244.94.132/push	—	2023-07-25
URL	https://106.12.35.200:8443/IE9CompatViewList.xml	—	2023-07-25
URL	https://107.173.111.16/visit.js	—	2023-07-25
URL	https://116.204.77.75/cx	—	2023-07-25
URL	https://120.25.207.14:12233/match	—	2023-07-25
URL	https://124.223.12.122/pixel.gif	—	2023-07-25
URL	https://124.70.199.215:7002/ca	—	2023-07-25
URL	https://124.71.26.85/load	—	2023-07-25
URL	https://128.199.192.131/messages/O7TO447JgXXbpdLRV6vz0	—	2023-07-25
URL	https://139.155.42.254/match	—	2023-07-25
URL	https://139.162.74.42/improve/v7.98/F60H46TG	—	2023-07-25
URL	https://141.164.49.27/www/handle/doc	—	2023-07-25
URL	https://141.255.156.123/cm	—	2023-07-25
URL	https://165.154.161.150:4443/ca	—	2023-07-25
URL	https://172.245.27.233/j.ad	—	2023-07-25
URL	https://172.86.127.13:9090/match	—	2023-07-25
URL	https://175.178.74.238:8088/dpixel	—	2023-07-25
URL	https://180.76.99.119:18889/visit.js	—	2023-07-25
URL	https://194.26.29.99:10443/push	—	2023-07-25
URL	https://2.58.15.233/make/corporate/CCX0XBFKBTIP	—	2023-07-25
URL	https://209.141.42.26/dot.gif	—	2023-07-25
URL	https://211.149.186.220:9443/ga.js	—	2023-07-25
URL	https://218.61.197.137/auth/data	—	2023-07-25
URL	https://23.224.196.208:8011/www/handle/doc	—	2023-07-25
URL	https://2b594.danamoninternal.com/jquery-3.6.1.min.js	—	2023-07-25
URL	https://2b597.danamoninternal.com/jquery-3.6.1.min.js	—	2023-07-25
URL	https://43.129.239.195:4433/ca	—	2023-07-25
URL	https://43.136.218.157/en_US/all.js	—	2023-07-25
URL	https://45.207.27.31:8443/dpixel	—	2023-07-25
URL	https://45.94.42.61:8443/IE9CompatViewList.xml	—	2023-07-25
URL	https://47.99.45.68/dot.gif	—	2023-07-25
URL	https://52.142.187.48/jquery-3.3.1.min.js	—	2023-07-25
URL	https://85.217.144.148/__utm.gif	—	2023-07-25
URL	https://api.upgrad3.cc/cm	—	2023-07-25
URL	https://bell.dyndns-server.com/push	—	2023-07-25
URL	https://buzubolup.online/make/corporate/CCX0XBFKBTIP	—	2023-07-25
URL	https://company1.ccb.com.dsa.dnsv1.com.cn/jquery-3.3.1.min.js	—	2023-07-25
URL	https://creditcheck.ppdai.com/audiencemanager.js	—	2023-07-25
URL	https://cs.125nmlx-op125.top:8443/dot.gif	—	2023-07-25
URL	https://gold.ccb.com.dsa.dnsv1.com.cn/jquery-3.3.1.min.js	—	2023-07-25
URL	https://jdklove.top/improve/v7.98/F60H46TG	—	2023-07-25
URL	https://miao.xiaogoubi.top:8443/idle/1376547834/1	—	2023-07-25
URL	https://ns1.gcloud-api.com:8443/updates.rss	—	2023-07-25
URL	https://service-0gfsz81a-1306743016.gz.apigw.tencentcs.com/api/sgget-0725	—	2023-07-25
URL	https://service-9scl1l0u-1257789504.nj.apigw.tencentcs.com/api/x	—	2023-07-25
URL	https://service-a7n7217q-1258444660.gz.apigw.tencentcs.com/Contact/launchpage/ELR8U5MOB	—	2023-07-25
URL	https://service-jinjrw2r-1255936572.sh.apigw.tencentcs.com/cgi-bin/mmwebwx-bin/webwxgetcontact	—	2023-07-25
URL	https://service-ntfl1fj6-1300612713.gz.apigw.tencentcs.com/static/js/vue.min.js	—	2023-07-25
URL	https://sport-program.com/metro91/admin/1/ppptp.jpg	—	2023-07-25
URL	https://teste.mac4.eco.br/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	—	2023-07-25
domain	buzubolup.online	—	2023-07-25
domain	cerpotionfe.com	—	2023-07-25
domain	jdklove.top	—	2023-07-25
domain	plazar.xyz	—	2023-07-25
domain	sport-program.com	—	2023-07-25
domain	tcessolution.com	—	2023-07-25
domain	xianxiaobai.top	—	2023-07-25
hostname	2b594.danamoninternal.com	—	2023-07-25
hostname	2b597.danamoninternal.com	—	2023-07-25
hostname	api.upgrad3.cc	—	2023-07-25
hostname	bell.dyndns-server.com	—	2023-07-25
hostname	company1.ccb.com.dsa.dnsv1.com.cn	—	2023-07-25
hostname	creditcheck.ppdai.com	—	2023-07-25
hostname	cs.125nmlx-op125.top	—	2023-07-25
hostname	gold.ccb.com.dsa.dnsv1.com.cn	—	2023-07-25
hostname	license.itekgroup.com	—	2023-07-25
hostname	license.werewolves.su	—	2023-07-25
hostname	miao.xiaogoubi.top	—	2023-07-25
hostname	ns1.gcloud-api.com	—	2023-07-25
hostname	ns1.proxyservice.shop	—	2023-07-25
hostname	oob.plazar.xyz	—	2023-07-25
hostname	service-0gfsz81a-1306743016.gz.apigw.tencentcs.com	—	2023-07-25
hostname	service-9scl1l0u-1257789504.nj.apigw.tencentcs.com	—	2023-07-25
hostname	service-a7n7217q-1258444660.gz.apigw.tencentcs.com	—	2023-07-25
hostname	service-dafg2f39-1307026294.sh.apigw.tencentcs.com	—	2023-07-25
hostname	service-jinjrw2r-1255936572.sh.apigw.tencentcs.com	—	2023-07-25
hostname	service-ntfl1fj6-1300612713.gz.apigw.tencentcs.com	—	2023-07-25
hostname	teste.mac4.eco.br	—	2023-07-25
hostname	vps.cpple.tk	—	2023-07-25

References (3)

↗ https://www.pcrisk.es/guias-de-desinfeccion/9042-cobalt-strike-malware ↗ https://bazaar.abuse.ch/browse.php?search=signature%3ACobalt+Strike ↗ https://threatfox.abuse.ch/browse/malware/win.cobalt_strike/