otx.alienvault.com
18.66.248.115  Public Scan

URL: https://otx.alienvault.com/pulse/6233211f10a50719b9911339?scan=1&utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=ot...
Submission: On March 17 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

<form _ngcontent-riq-c132="" novalidate="" class="login ng-untouched ng-pristine ng-invalid" id="welcomeLoginForm-pulse-detail" __bizdiag="-695151727" __biza="WJ__">
  <div _ngcontent-riq-c132="" class="form-group"><label _ngcontent-riq-c132="" for="id_login">Username</label><input _ngcontent-riq-c132="" container="body" formcontrolname="login" id="id_login" name="login" placement="right" type="text"
      class="form-control input-alienvault ng-untouched ng-pristine ng-invalid"><!----></div>
  <div _ngcontent-riq-c132="" class="form-group"><label _ngcontent-riq-c132="" for="id_password">Password</label><input _ngcontent-riq-c132="" container="body" formcontrolname="password" id="id_password" name="password" placement="right"
      type="password" class="form-control input-alienvault ng-untouched ng-pristine ng-invalid"><!----></div><button _ngcontent-riq-c132="" id="loginBtn" type="submit" class="btn btn-att disabled" disabled=""> Log in
    <i _ngcontent-riq-c132="" aria-hidden="true" class="fa fa-chevron-right smaller"></i></button>
  <div _ngcontent-riq-c132="" class="remember-checkbox"><label _ngcontent-riq-c132=""><input _ngcontent-riq-c132="" id="id_remember" name="remember" type="checkbox"> REMEMBER ME</label></div>
</form>

Text Content

Subscribers (179391)
HOW THE MALLEABLE C2 PROFILE MAKES COBALT STRIKE DIFFICULT TO DETECT

   
 * Created 2 hours ago by AlienVault
 * Public
 * TLP: White

Cobalt Strike is a tool that emulates command-and-control communications. It is
widely used in real-world attacks and can also be used as a way to evade
traditional firewall defenses.

Reference:
https://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2-profile/
Tags:
cobalt strike, Malleable C2 Profiles, stager, downloader
Malware Family:
Cobalt Strike
ATT&CK IDs:
T1102 - Web Service, T1134 - Access Token Manipulation, T1566 - Phishing,
T1094 - Custom Command and Control Protocol, T1071 - Application Layer Protocol,
T1071.004 - DNS

 * Indicators of Compromise (7)
 * Related Pulses (2)
 * Comments (0)
 * History (0)

Types of indicators: IPv4 (2), Hostname (1), FileHash-SHA256 (4)

Threat infrastructure: Netherlands (1), United States (1)

 * © Copyright 2022 AlienVault, Inc.
   