🐾 - 🚨 Default Cobalt Strike 🏴‍☠️ TLS Certificate 🔒 observed

SID: 3300176Rev: 50 views
Sourcepawpatrules
CreatedNovember 17, 2021
UpdatedJune 15, 2022
Classificationtrojan-activity
alert tls any any -> any any (msg:"🐾 - 🚨 Default Cobalt Strike 🏴‍☠️ TLS Certificate 🔒 observed"; flow:to_client, stateless; tls.cert_fingerprint; content:"6E:CE:5E:CE:41:92:68:3D:2D:84:E2:5B:0B:A7:E0:4F:9C:B7:EB:7C"; reference:url,https://github.com/Te-k/cobaltstrike; reference:url,https://www.shodan.io/search?query=ssl.cert.serial%3A146473198; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike; metadata:created_at 2021_11_17, updated_at 2022_06_15; sid:3300176; rev:5; classtype:trojan-activity;)

References

urlhttps://github.com/Te-k/cobaltstrike
urlhttps://www.shodan.io/search?query=ssl.cert.serial%3A146473198
urlhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Metadata

created at2021_11_17
updated at2022_06_15

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!