Malicious Python Script with a "Best Before" Date | Cobalt Strike Beacon

June 6, 2024, 12:36 p.m.

Description

This post details analysis of a malicious Python script, which yielded a hash for a Cobalt Strike beacon.

External References

https://isc.sans.edu/diary/rss/30988
https://otx.alienvault.com/pulse/6661ad07d5f96feb47551045
Tags
2024-06-06
python script
cobaltstike

Date

  • Created: June 6, 2024, 12:35 p.m.
  • Published: June 6, 2024, 12:35 p.m.
  • Modified: June 6, 2024, 12:36 p.m.

Indicators

  • eca1cd9ce317ada991e0a037e70c15e471e9076faa58adf682efbfe22ffa747f
Download all indicators here!

Attack Patterns

  • ALF:Cobalt_beacon_dll
  • TA0011