Cobalt Strike C2 Infrastructure possibly attributed to CVE-2021-40444
Threat Actors Infrastructure (VT Analysis)
The starting point is the TrendMicro blog post. I will look at joxinu[.]com, dodefoh[.]com, and pawevi[.]com, and try to find out whether the Threat Actor deployed additional C2s on the same hosting provider, subnets, and IP range.
Remote Code Execution Zero-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This…
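The pivot described above, from known domains to other hosts on the same provider and subnet, as an added example that is not part of the original post. The resolution records, IP addresses (RFC 5737 documentation ranges), provider names and `.example` domains are constructed, and `pivot` is a hypothetical helper.

```python
import ipaddress

# Constructed passive-DNS style records: (domain, resolved IP, hosting provider).
# IPs are RFC 5737 documentation addresses; provider names are placeholders.
RECORDS = [
    ("joxinu[.]com", "192.0.2.10", "ProviderA"),
    ("dodefoh[.]com", "192.0.2.77", "ProviderA"),
    ("pawevi[.]com", "198.51.100.5", "ProviderB"),
    ("candidate-one[.]example", "192.0.2.200", "ProviderA"),
    ("candidate-two[.]example", "198.51.100.9", "ProviderB"),
    ("unrelated[.]example", "203.0.113.40", "ProviderA"),
    ("faraway[.]example", "203.0.113.41", "ProviderC"),
]
SEEDS = {"joxinu[.]com", "dodefoh[.]com", "pawevi[.]com"}


def subnet_of(ip, prefix=24):
    """Network containing `ip` at the given prefix length."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def pivot(seeds, records, prefix=24):
    """List non-seed domains that share a subnet or provider with a seed."""
    seed_subnets, seed_providers = set(), set()
    for domain, ip, provider in records:
        if domain in seeds:
            seed_subnets.add(subnet_of(ip, prefix))
            seed_providers.add(provider)
    findings = []
    for domain, ip, provider in records:
        if domain in seeds:
            continue
        reasons = []
        net = subnet_of(ip, prefix)
        if net in seed_subnets:
            reasons.append(f"subnet {net}")
        if provider in seed_providers:
            reasons.append(f"provider {provider}")
        if reasons:
            findings.append((domain, reasons))
    # Subnet plus provider overlap is a stronger lead than provider alone.
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))


if __name__ == "__main__":
    for domain, reasons in pivot(SEEDS, RECORDS):
        print(f"{domain}: shares {', '.join(reasons)}")
```

A shared provider alone is a weak signal on large hosts, so results with only that reason need further corroboration before being treated as related infrastructure.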