Cobalt Stike Beacon Detected – 129[.]226[.]15[.]142:443
Cobalt Strike Beacon Detection Alerts
The Information provided at the time of posting was detected as “Cobalt Strike”. Depending on when you are viewing this article, it may no longer be the case and could be determined as being a false positive. Please do your own additional validation. – RedPacket Security
TimeStamp 2021-12-22T07:21:16.841051
General Information
Cobalt Strike Beacon Information
| Beacon Type | N/A |
| http-get.client | |
| http-post.client | |
| DNS Beacon MaxDNS | N/A |
| DNS Beacon Idle | N/A |
| Beacon Jitter | N/A |
| dns-beacon.strategy_fail_seconds | N/A |
| dns-beacon.strategy_rotate_seconds | N/A |
| dns-beacon.strategy_fail_x | N/A |
| HTTP GET URI | |
| HTTP POST URI | N/A |
| Max GET Size | N/A |
| Port | N/A |
| post-ex.spawnto_x64 | |
| post-ex.spawnto_x86 | |
| process-inject.startrwx | N/A |
| process-inject.userwx | N/A |
| process-inject.allocator | N/A |
| proxy.behavior | N/A |
| sleeptime | N/A |
| useragent_header | N/A |
| uses_cookies | N/A |
| process-inject.execute | |
| Watermark | N/A |
| Beacon Stage Cleanup | N/A |
