Cobalt Stike Beacon Detected – 18[.]117[.]147[.]91:443
Cobalt Strike Beacon Detection Alerts
The Information provided at the time of posting was detected as “Cobalt Strike”. Depending on when you are viewing this article, it may no longer be the case and could be determined as being a false positive. Please do your own additional validation. – RedPacket Security
TimeStamp 2023-05-19T22:37:50.597002
General Information
| Cloud Provider | Amazon |
| Cloud Region | us-east-2 |
| Service | EC2 |
| Domains | amazonaws[.]com, mersana[.]org |
| Hostnames | ec2-18-117-147-91[.]us-east-2[.]compute[.]amazonaws[.]com, remote[.]mersana[.]org |
| HTTP Host | 18[.]117[.]147[.]91 |
| ISP | Amazon.com, Inc. |
| ORG | Amazon Technologies Inc. |
| OS | N/A |
| HTTP |
AccelerAting ADC innovation... because patients are waiting Mersana’s mission is to discover and develop life-changing antibody-drug conjugates for patients fighting cancer. TechnologyMersana has developed highly differentiated and innovative antibody-drug conjugate (ADC) platforms, with both cytotoxic and immunostimulatory payloads, that allow for customization and optimization of ADCs for a given target and indication. As a result, we are designing ADCs to overcome the limitations of first-generation platforms by delivering therapeutics with greater efficacy and tolerability to address the unmet medical needs of people living with cancer. PipelineWe are leveraging our proprietary technology platforms to build a robust pipeline of ADCs with the potential to meaningfully improve the lives of people living with cancer. We are pursuing a multiprong strategy for treating cancer with both cytotoxic and immunostimulatory ADCs.  |
| HTTP HTML HASH | 1399724859 |
| HTTP LOCATION | / |
| HTTP REDIRECTS | |
| HTTP ROBOTS | N/A |
| HTTP ROBOTS HASH | N/A |
| HTTP SECURITY.TXT | N/A |
| HTTP SECURITY.TXT HASH | N/A |
| HTTP SERVER | N/A |
| HTTP SITEMAP | N/A |
| HTTP SITEMAP HASH | N/A |
| HTTP TITLE | Home - Mersana Therapeutics |
| LOCATION (AREA CODE) | N/A |
| LOCATION (CITY) | Hilliard |
| LOCATION (COUNTRY CODE) | US |
| LOCATION (COUNTRY NAME) | United States |
| LOCATION (LATITUDE) | 40.0334 |
| LOCATION (LONGITUDE) | -83.15825 |
| LOCATION (POSTAL CODE) | N/A |
| SSL SERIAL | 3.673171339301444e+41|
| SSL EXPIRED | N/A |
| SSL FINGERPRINT (SHA1) | c9b5f66a82e7ceca62ff87cc033716bc56790ff2 |
| SSL ISSUED | 20230517143331Z |
| SSL EXPIRES | 20230815143330Z |
| SSL CYPHER | TLS_AES_256_GCM_SHA384 |
| SSL VERSION | TLSv1.3 |
| SSL TRUST (REVOKED) | N/A |
| TAGS | cloud |
Cobalt Strike Beacon Information
| Beacon Type | N/A |
| http-get.client | |
| http-post.client | |
| DNS Beacon MaxDNS | N/A |
| DNS Beacon Idle | N/A |
| Beacon Jitter | N/A |
| dns-beacon.strategy_fail_seconds | N/A |
| dns-beacon.strategy_rotate_seconds | N/A |
| dns-beacon.strategy_fail_x | N/A |
| HTTP GET URI | |
| HTTP POST URI | N/A |
| Max GET Size | N/A |
| Port | N/A |
| post-ex.spawnto_x64 | |
| post-ex.spawnto_x86 | |
| process-inject.startrwx | N/A |
| process-inject.userwx | N/A |
| process-inject.allocator | N/A |
| proxy.behavior | N/A |
| sleeptime | N/A |
| useragent_header | N/A |
| uses_cookies | N/A |
| process-inject.execute | |
| Watermark | N/A |
| Beacon Stage Cleanup | N/A |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on "Patreon" or "Buy Me A Coffee" using the buttons below
To keep up to date follow us on the below channels.
