-
Cobalt Strike – Part Two – Kill dates
The data used for this post, and subsequent posts regarding this topic, has been graciously made available by https://hunt.io. The data used in this, and subsequent posts, spans from 2024-01-01 to 2024-05-01. Featured image is AI generated and has provided us with ‘Coblalt Strkie’. Introduction This is…
-
Cobalt Strike – Part One – Statistics
The data used for this post, and subsequent posts regarding this topic, has been graciously made available by https://hunt.io. Featured image is graciously AI generated and cannot spell ‘Cobalt Strike’. It just works. Introduction We are nearly halfway through 2024 and it’s time to do some stats. Specifically,…
-
mdrfckrs – part two
The contents of this post take place from December 2022 and continue as of the time of publishing. Preface Please go read part one of this series for context. Continuation with the new commands The mdrfckr-saga continues with changes in methodology from the mdrfckr-botnet. The purpose of this post is to…
-
mdrfckrs – part one
The contents of this post take place through October and November 2022. Preface The string ‘mdrfckr’ might ring a bell. It has previously been observed in relation to the ‘dota’-malware family. As ‘dota.tar.gz’ and ‘dota3.tar.gz’ were only observed 66 and 33 times, respectively, out of 12913 observations related to the ‘mdrfckr’-string,…