- THREAT ATTRIBUTION: POSSIBLE COBALT STRIKE STAGER
- SUBJECTS OBSERVED
- , medical complaint
- <Lastname>, medical complaint
- <Lastname>, lawyer request
- RE: Customer Complaint,
- RE: Customer Complaint, <Lastname>
- SENDERS OBSERVED
- COBALT STRIKE STAGER PAYLOAD LANDING URLS
- https://clinic-customer-complaint-11feb.getresponsepages.com/
- https://lawyer-complaint-rep-2-11.subscribemenow.com/
- COBALT STRIKE STAGER FILE HASHES
- MedicalComplaint.exe
- a96004144208bdd15eb2daa0f4687df7
- LawyerCustomerComplaint.exe
- 60772f2f4ba787c019ff29dc9c747381
- BOTH CALL OUT TO:
- https://fast1arrival.com/sq?lid=false
- SUPPORTING EVIDENCE
- https://www.virustotal.com/gui/domain/fast1arrival.com/relations
- https://www.virustotal.com/gui/file/7fa4ef5925f7374a93494b97a6ab43b0951c2d504972bbf43f9d29398e55481f/community
- https://www.virustotal.com/gui/file/8914f3788daa9f035228f97ad92fd3f3b3fd44891fa53a18bbfc61b932cdb1b5/detection
- https://www.virustotal.com/gui/file/d3ec7efe7d7477c4323560cb97a367d9052b9364fdff08f1e7c9626147de3160/behavior
- https://app.any.run/tasks/b1277892-503c-4c5f-9a92-1ccce8138796/
- https://bazaar.abuse.ch/sample/7fa4ef5925f7374a93494b97a6ab43b0951c2d504972bbf43f9d29398e55481f/