Have been trying to connect to multiple DMZ servers and exploiting log4j vulnerability (CVE-2021-442 ...
show moreHave been trying to connect to multiple DMZ servers and exploiting log4j vulnerability (CVE-2021-44228)
show less
Our SOC has been able to confirm in their lab that the external host is behaving like a true positiv ...
show moreOur SOC has been able to confirm in their lab that the external host is behaving like a true positive cobalt strike server.
The raw log indicates that the executable "WJdlfEuPBp" is responsible for the blocked connection attempts.
show less
HackingExploited Host
By clicking “Accept all”, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.