kql · Elastic-2.0 · from elastic/detection-rules

Default Cobalt Strike Team Server Certificate

Rule source: rules/network/command_and_control_cobalt_strike_default_teamserver_cert.toml
(data_stream.dataset: network_traffic.tls or event.category: (network or network_traffic))
  and (tls.server.hash.md5:950098276A495286EB2A2556FBAB6D83
  or tls.server.hash.sha1:6ECE5ECE4192683D2D84E25B0BA7E04F9CB7EB7C
  or tls.server.hash.sha256:87F2085C32B6A2CC709B365F55873E207A9CAA10BFFECF2FD16D3CF9D94D390C)