Exposing a Currently Active and Spreading Cobalt Strike Serving Malicious Software Campaign

January 26, 2023

I've just come across a currently circulating Cobalt Strike serving malicious software campaign and have decided to share the details with everyone reading this blog.

Original malware hosting location: hxxp://bsctech[.]ac[.]th/css/43[.]exe

MD5: d8d8cb60d196a26765261b1ca8604d1e

Sample C&C server IPs known to have been involved in the campaign include:

hxxp://5[.]253[.]234[.]40 -> hxxp://5[.]253[.]234[.]40/activity -> hxxp://5[.]253[.]234[.]40/activity/submit[.]php

Sample geolocation of the known C&C server IP:

Sample C&C server domains known to have been involved in the campaign include:

hxxp://bpltjykhm[.]online

hxxp://51lqm[.]online
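As an added example (not part of the original post), the following Python snippet refangs the defanged indicators listed above and hunts for contact with those hosts in a handful of constructed proxy-log lines, and also checks a file's MD5 against the published sample hash. The log lines, the `example.com` entry and the function names are assumptions made for illustration.

```python
import re
import hashlib

# Indicators exactly as published in the post, in defanged form.
DEFANGED_IOCS = [
    "hxxp://bsctech[.]ac[.]th/css/43[.]exe",
    "hxxp://5[.]253[.]234[.]40",
    "hxxp://bpltjykhm[.]online",
    "hxxp://51lqm[.]online",
]
KNOWN_MD5 = "d8d8cb60d196a26765261b1ca8604d1e"  # MD5 is the hash the post publishes


def refang(ioc: str) -> str:
    """Turn the post's defanged notation (hxxp, [.]) back into a matchable string."""
    return ioc.replace("hxxp", "http").replace("[.]", ".")


def host_of(url: str) -> str:
    """Extract the lowercase host part of a URL (scheme and path stripped)."""
    return re.sub(r"^https?://", "", url).split("/")[0].lower()


# Hosts to watch for: payload host plus the C&C IP and domains.
WATCHED_HOSTS = {host_of(refang(i)) for i in DEFANGED_IOCS}


def hunt_proxy_log(lines):
    """Return (line_no, host) for each log line whose destination host is a listed indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = re.search(r'https?://[^\s"]+', line)
        if m and host_of(m.group(0)) in WATCHED_HOSTS:
            hits.append((n, host_of(m.group(0))))
    return hits


def matches_known_sample(data: bytes) -> bool:
    """True if the bytes hash to the MD5 published for 43.exe."""
    return hashlib.md5(data).hexdigest() == KNOWN_MD5


# Constructed sample proxy-log lines (not from the post).
SAMPLE_LOG = [
    "2023-01-26T10:00:01Z 10.0.0.7 GET http://bsctech.ac.th/css/43.exe 200",
    "2023-01-26T10:00:05Z 10.0.0.7 POST http://5.253.234.40/activity/submit.php 200",
    "2023-01-26T10:01:00Z 10.0.0.9 GET https://example.com/index.html 200",
    "2023-01-26T10:02:00Z 10.0.0.7 GET http://51lqm.online/ 404",
]

if __name__ == "__main__":
    for n, host in hunt_proxy_log(SAMPLE_LOG):
        print(f"line {n}: contact with listed indicator host {host}")
```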
