otx.alienvault.com
143.204.98.80  Public Scan

URL: https://otx.alienvault.com/pulse/6194c58a0d736fbccd5625b2?source=email_notification
Submission: On November 17 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


ATTACKERS USE DOMAIN FRONTING TECHNIQUE TO TARGET MYANMAR WITH COBALT STRIKE

   
 * Created 52 minutes ago by AlienVault
 * Public
 * TLP: White

Security researchers discovered a new malicious campaign that uses Cobalt Strike
beacons to target Myanmar. The campaign involves a state-owned domain, owned and
operated by the Myanmar government, and uses the tactic of re-registering
reputed domains to evade detection.

Reference:
https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html
Tags:
cobalt strike, meterpreter, myanmar
Adversary:
Myanmar
Targeted Country:
Myanmar
Malware Families:
Cobalt Strike, Meterpreter
Att&ck IDs:
 * T1102 - Web Service
 * T1140 - Deobfuscate/Decode Files or Information
 * T1134 - Access Token Manipulation
 * T1090 - Proxy
 * T1189 - Drive-by Compromise
 * T1566 - Phishing
 * T1027 - Obfuscated Files or Information
 * T1071 - Application Layer Protocol
 * T1105 - Ingress Tool Transfer
 * T1202 - Indirect Command Execution

 * Indicators of Compromise (19)
 * Related Pulses (3)

TYPES OF INDICATORS

 * IPv4 (1)
 * Other (1)
 * FileHash-SHA1 (3)
 * URL (6)
 * FileHash-MD5 (3)
 * FileHash-SHA256 (3)

THREAT INFRASTRUCTURE

 * Russia (1)


| type | indicator | Role | title | Added | Active | related Pulses |
|---|---|---|---|---|---|---|
| hostname | xxx.xxxx.tk | | | Nov 17, 2021, 9:04:11 AM | | 1 |
| hostname | test.softlemon.net | | | Nov 17, 2021, 9:04:11 AM | | 3 |
| domain | softlemon.net | | | Nov 17, 2021, 9:04:11 AM | | 2 |
| URL | https://193.135.134.124:8443 | | | Nov 17, 2021, 9:04:11 AM | | 1 |
| URL | http://test.softlemon.net:8081/api/3 | | | Nov 17, 2021, 9:04:11 AM | | 3 |
| URL | http://test.softlemon.net:8080/ | | | Nov 17, 2021, 9:04:11 AM | | 1 |
| URL | http://193.135.134.124:8081 | | | Nov 17, 2021, 9:04:11 AM | | 1 |
| URL | http://193.135.134.124:8080 | | | Nov 17, 2021, 9:04:11 AM | | 1 |
| IPv4 | 193.135.134.124 | | | Nov 17, 2021, 9:04:11 AM | | 8 |
| FileHash-SHA256 | e806e55713b9e46dc7896521ffb9a8b3abaa597147ea387ff2e93a2469546ba9 | | HackTool:Win32/CobaltStrike.A | Nov 17, 2021, 9:04:11 AM | | 1 |


SHOWING 1 TO 10 OF 19 ENTRIES

