# Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444

Michael Koczwara · 11 min read · Sep 12, 2021

Contents:

- Threat Actors Infrastructure (VT Analysis)
- Pivoting from 45.147.229[.]242
- Pivoting from 104.194.10[.]21
- Pivoting from 45.153.240[.]220
- Short summary and IOCs

[Image: Threat Actors' Cobalt Strike C2 Infrastructure]

Linked document: Cobalt Strike C2 Infrastructure possibly attributed to CVE-2021-40444 (drive.google.com)

## Threat Actors Infrastructure (VT Analysis)

The starting point is the Trend Micro blog post on the vulnerability. I will take a look at joxinu[.]com, dodefoh[.]com, and pawevi[.]com, and try to find out whether the threat actor deployed additional C2s on the same hosting provider, subnets, and IP range.

https://www.trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.ht…
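The subnet pivot described above (starting from known C2 addresses and looking at neighbouring addresses in the same range) is also the basis of a simple detection: flag outbound connections that hit a known indicator exactly, and at lower confidence flag connections into the same /24. The script below is an added example written for this page, not code from the post or from any tool it references. It uses the three defanged C2 IPs named in the post as its seed list; the firewall-style log lines are constructed, and the destination 45.147.229.7 in them is a made-up address used only to exercise the same-subnet branch, not an observed indicator.

```python
"""Refang IOCs from the post and flag outbound connections that match them
exactly or land in the same /24 (a subnet pivot, lower confidence)."""
import ipaddress
import re

# The three defanged C2 IPs named in the post.
SEED_IOCS = ["45.147.229[.]242", "104.194.10[.]21", "45.153.240[.]220"]


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a matchable string."""
    return (ioc.replace("[.]", ".")
               .replace("hxxps://", "https://")
               .replace("hxxp://", "http://"))


def defang(ip: str) -> str:
    """Defang an address for safe sharing in reports."""
    return ip.replace(".", "[.]")


def subnet_of(ip: str, prefix: int = 24) -> ipaddress.IPv4Network:
    """Network containing ip at the given prefix length (45.147.229.242 -> 45.147.229.0/24)."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def build_index(defanged_iocs, prefix: int = 24):
    """Return (set of exact IPs, {network: [ips]}) for fast matching."""
    exact = set()
    by_net = {}
    for d in defanged_iocs:
        ip = refang(d)
        exact.add(ip)
        by_net.setdefault(subnet_of(ip, prefix), []).append(ip)
    return exact, by_net


# Pulls the destination address out of a key=value firewall line (assumed format).
LOG_RE = re.compile(r"\bdst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\b")


def classify(dst: str, exact, by_net, prefix: int = 24) -> str:
    """'ioc_exact' for a known C2 IP, 'ioc_subnet' for a neighbour in the same
    prefix (a lead to verify, not an attribution), otherwise 'none'."""
    if dst in exact:
        return "ioc_exact"
    if subnet_of(dst, prefix) in by_net:
        return "ioc_subnet"
    return "none"


def scan_log(lines, defanged_iocs, prefix: int = 24):
    """Return [(dst, verdict)] for every line whose destination matches."""
    exact, by_net = build_index(defanged_iocs, prefix)
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        verdict = classify(m["dst"], exact, by_net, prefix)
        if verdict != "none":
            hits.append((m["dst"], verdict))
    return hits


# Constructed log lines (not real traffic). 45.147.229.7 is a made-up
# destination that only demonstrates the same-/24 case.
SAMPLE_LOG = [
    "2021-09-10T12:00:01Z fw action=allow src=10.0.0.15 dst=192.0.2.10 dport=443",
    "2021-09-10T12:00:05Z fw action=allow src=10.0.0.15 dst=45.147.229.242 dport=443",
    "2021-09-10T12:00:09Z fw action=allow src=10.0.0.22 dst=45.147.229.7 dport=80",
    "2021-09-10T12:00:13Z fw action=allow src=10.0.0.22 dst=104.194.10.21 dport=443",
]

if __name__ == "__main__":
    for dst, verdict in scan_log(SAMPLE_LOG, SEED_IOCS):
        print(f"{defang(dst)}  {verdict}")
```

Passing `prefix=32` to `scan_log` turns the subnet pivot off and leaves only exact matches; widening it to `/16` is how you would sweep a hosting provider's broader range once the later sections of the post have confirmed which neighbouring hosts are actually part of the same infrastructure.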