ExecuteMalware

2021-02-11 Possible Cobalt Strike Stager IOCs

Feb 11th, 2021 (edited)
THREAT ATTRIBUTION: POSSIBLE COBALT STRIKE STAGER

SUBJECTS OBSERVED
, medical complaint
<Lastname>, medical complaint
<Lastname>, lawyer request
RE: Customer Complaint,
RE: Customer Complaint, <Lastname>

SENDERS OBSERVED

COBALT STRIKE STAGER PAYLOAD LANDING URLS
https://clinic-customer-complaint-11feb.getresponsepages.com/
https://lawyer-complaint-rep-2-11.subscribemenow.com/

COBALT STRIKE STAGER FILE HASHES
MedicalComplaint.exe
a96004144208bdd15eb2daa0f4687df7

LawyerCustomerComplaint.exe
60772f2f4ba787c019ff29dc9c747381

BOTH CALL OUT TO:
https://fast1arrival.com/sq?lid=false

SUPPORTING EVIDENCE
https://www.virustotal.com/gui/domain/fast1arrival.com/relations
https://www.virustotal.com/gui/file/7fa4ef5925f7374a93494b97a6ab43b0951c2d504972bbf43f9d29398e55481f/community
https://www.virustotal.com/gui/file/8914f3788daa9f035228f97ad92fd3f3b3fd44891fa53a18bbfc61b932cdb1b5/detection
https://www.virustotal.com/gui/file/d3ec7efe7d7477c4323560cb97a367d9052b9364fdff08f1e7c9626147de3160/behavior

https://app.any.run/tasks/b1277892-503c-4c5f-9a92-1ccce8138796/
https://bazaar.abuse.ch/sample/7fa4ef5925f7374a93494b97a6ab43b0951c2d504972bbf43f9d29398e55481f/