Rewterz Threat Alert – Android Malware Targets Taxpayers in India
September 7, 2021Rewterz Threat Alert – Conti Ransomware – Active IOCs
September 7, 2021Rewterz Threat Alert – Android Malware Targets Taxpayers in India
September 7, 2021Rewterz Threat Alert – Conti Ransomware – Active IOCs
September 7, 2021Severity
High
Analysis Summary
Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named ‘Beacon’ on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning, and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.
Impact
- Data Exfiltration
- Information Theft
Indicators of Compromise
Domain Name
- baldocdn[.]xyz
- kuyeguh[.]com
- cloud-dock[.]net
- intensewarer[.]com
- koviluk[.]com
IP
- 108[.]61[.]169[.]99
- 104[.]243[.]33[.]222
- 23[.]108[.]57[.]186
- 170[.]130[.]28[.]40
- 31[.]14[.]41[.]225
Remediation
- Search for IOCs in your environment.
- Block all treat indicators at your respective controls.