PULSE NAME
ExCobalt: GoRed, the hidden-tunnel technique
WHITE Armature_TIP 2025-02-22 Modified: 2025-03-24
191 IOCs (HIGH VOLUME)
A hidden-tunnel tool used by a notorious cybercrime gang has been discovered by the PT ESC CSIRT team, which investigates attacks linked to Russia and other countries in the future.
Indicators of Compromise (45 / 191 total)