{
	"id": "b94cd485-7b5a-4cb2-baad-6c4868aa4dfa",
	"created_at": "2026-04-10T03:22:06.817302Z",
	"updated_at": "2026-04-10T03:22:19.684269Z",
	"deleted_at": null,
	"sha1_hash": "351220a5eab32bfc362db1316dc6a942d92be2ad",
	"title": "Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 750463,
	"plain_text": "Mapping and Pivoting from Cobalt Strike C2 Infrastructure\r\nAttributed to CVE-2021-40444\r\nBy Michael Koczwara\r\nPublished: 2021-09-15 · Archived: 2026-04-10 03:13:29 UTC\r\nMember-only story\r\nMichael Koczwara\r\n11 min read\r\nSep 12, 2021\r\nPress enter or click to view image in full size\r\nhttps://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a\r\nPage 1 of 3\n\nThreat Actors Infrastructure (VT Analysis).\r\nPivoting from 45.147.229[.]242\r\nPivoting from 104.194.10[.]21\r\nPivoting from 45.153.240[.]220\r\nShort summary and IOC’s.\r\nPress enter or click to view image in full size\r\nhttps://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a\r\nPage 2 of 3\n\nThreat Actors Cobalt Strike C2 Infrastructure\r\nCobalt Strike C2 Infrastructure possibly attributed to CVE-2021-40444\r\nEdit description\r\ndrive.google.com\r\nThreat Actors Infrastructure (VT Analysis)\r\nThe starting point is from the TrendMicro blog. I will take a look at joxinu[.]com, dodefoh[.]com, and\r\npawevi[.]com, and I will try to find out if the Threat Actor deployed additional C2’s on the same hosting provider,\r\nsubnets, and IP range.\r\nPress enter or click to view image in full size\r\nhttps://www.trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.ht…\r\nSource: https://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd6\r\n8a\r\nhttps://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://michaelkoczwara.medium.com/mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a"
	],
	"report_names": [
		"mapping-and-pivoting-cobalt-strike-c2-infrastructure-attributed-to-cve-2021-40444-438786fcd68a"
	],
	"threat_actors": [],
	"ts_created_at": 1775791326,
	"ts_updated_at": 1775791339,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/351220a5eab32bfc362db1316dc6a942d92be2ad.pdf",
		"text": "https://archive.orkl.eu/351220a5eab32bfc362db1316dc6a942d92be2ad.txt",
		"img": "https://archive.orkl.eu/351220a5eab32bfc362db1316dc6a942d92be2ad.jpg"
	}
}