Exposing a Currently Active and Spreading Cobalt Strike Serving Malicious Software Campaign

I’ve just came across to a currently circulating Cobalt Strike serving malicious software campaign and I’ve decided to share the details with everyone reading this blog.

Original malware hosting location: hxxp://bsctech[.]ac[.]th/css/43[.]exe

MD5: d8d8cb60d196a26765261b1ca8604d1e

Sample C&C server IPs known to have been involved in the campaign include:

hxxp://5[.]253[.]234[.]40 -> hxxp://5[.]253[.]234[.]40/activity -> hxxp://5[.]253[.]234[.]40/activity/submit[.]php

Sample geolocation of the known C&C server IP:


Sample C&C server domains known to have been involved in the campaign include:

hxxp://bpltjykhm[.]online

hxxp://51lqm[.]online

Leave a Reply

Your email address will not be published. Required fields are marked *

Unit-123.org E-shop Owner Information

Who is Dancho Danchev?

Unit-123.org

Focused on delivering daily batches of personally-produced never-ending supply of high-quality and never-published and released before classified and sensitive Intelligence Deliverables.

Latest Products