SYMBOLCOMMON_NAMEaka. SYNONYMS

Cobalt  (Back to overview)

aka: COBALT SPIDER, Cobalt Gang, Cobalt Group, G0080, GOLD KINGSWOOD, Mule Libra

A criminal group dubbed Cobalt is behind synchronized ATM heists that saw machines across Europe, CIS countries (including Russia), and Malaysia being raided simultaneously, in the span of a few hours. The group has been active since June 2016, and their latest attacks happened in July and August.


Associated Families
js.more_eggs win.atmspitter win.cobint win.lokipws win.formbook win.pony win.cobalt_strike

References
2024-05-23CheckpointCheckpoint Research
Sharp dragon expands towards africa and the caribbean
5.t Downloader Cobalt Strike
2024-05-23Check PointCheck Point
Chinese Espionage Campaign Expands to Target Africa and The Caribbean
5.t Downloader Cobalt Strike
2024-05-15MicrosoftMicrosoft Threat Intelligence
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Black Basta Cobalt Strike QakBot
2024-05-14Check Point ResearchAntonis Terefos, Tera0017
Foxit PDF “Flawed Design” Exploitation
Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm
2024-05-14KasperskyBoris Larin, Mert Degirmenci
QakBot attacks with Windows zero-day (CVE-2024-30051)
Cobalt Strike QakBot
2024-05-10Rapid7 LabsEvan McCann, Thomas Elkins, Tyler McGraw
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
Black Basta Black Basta Cobalt Strike NetSupportManager RAT
2024-04-24SecuronixDen Iyzvyk, Oleg Kolesnikov, Tim Peck
Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover
Cobalt Strike SSLoad
2024-04-15Positive TechnologiesAleksandr Badaev, Kseniya Naumova
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world
LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm
2024-04-01The DFIR ReportThe DFIR Report
From OneNote to RansomNote: An Ice Cold Intrusion
Cobalt Strike IcedID Nokoyawa Ransomware PhotoLoader
2024-03-01Medium b.magnezi0xMrMagnezi
Malware Analysis - Cobalt Strike
Cobalt Strike
2024-02-28Security IntelligenceGolo Mühr, Ole Villadsen
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023
404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos
2024-02-09CensysCensys, Embee_research
A Beginners Guide to Tracking Malware Infrastructure
AsyncRAT BianLian Cobalt Strike QakBot
2024-02-08YouTube (Embee Research)Embee_research
Cobalt Strike Decoding and C2 Extraction - 3 Minute Malware Analysis Speedrun
Cobalt Strike
2024-01-24Medium shaddy43Shayan Ahmed Khan
Layers of Deception: Analyzing the Complex Stages of XLoader 4.3 Malware Evolution
Xloader Formbook
2024-01-13YouTube (Embee Research)Embee_research
Cobalt Strike Shellcode Analysis and C2 Extraction
Cobalt Strike
2024-01-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q4 2023
FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver
2024-01-09Recorded FutureInsikt Group
2023 Adversary Infrastructure Report
AsyncRAT Cobalt Strike Emotet PlugX ShadowPad
2024-01-04NetresecErik Hjelmvik
Hunting for Cobalt Strike in PCAP
Cobalt Strike
2023-12-20Twitter (@embee_research)Embee_research
Defeating Obfuscated Malware Scripts - Cobalt Strike
Cobalt Strike
2023-12-19Twitter (@embee_research)Embee_research
Free Ghidra Tutorials for Beginners
Cobalt Strike DarkGate
2023-12-08Twitter (@embee_research)Embee_research
Ghidra Basics - Manual Shellcode Analysis and C2 Extraction
Cobalt Strike
2023-12-04The DFIR ReportThe DFIR Report
SQL Brute Force leads to Bluesky Ransomware
BlueSky Cobalt Strike
2023-11-19Twitter (@embee_research)Embee_research
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike
Amadey Cobalt Strike RedLine Stealer SmokeLoader
2023-11-14Medium joshuapenny88Joshua Penny
HostingHunter Series: CHANG WAY TECHNOLOGIES CO. LIMITED
Hook Hydra Cobalt Strike SectopRAT
2023-11-10NSFOCUSNSFOCUS
The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits
Cobalt Strike Konni DarkCasino Opal Sleet
2023-11-07SOCRadarSOCRadar
New Gootloader Variant “GootBot” Changes the Game in Malware Tactics
GootLoader Cobalt Strike UNC2565
2023-11-06Twitter (@embee_research)Embee_research
Unpacking Malware With Hardware Breakpoints - Cobalt Strike
Cobalt Strike
2023-11-01nccgroupMick Koomen
Popping Blisters for research: An overview of past payloads and exploring recent developments
Blister Cobalt Strike
2023-10-23Twitter (@embee_research)Embee_research
Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation
Cobalt Strike
2023-10-20Twitter (@embee_research)Embee_research
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation
Cobalt Strike
2023-10-18Twitter (@embee_research)Embee_research
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function
Cobalt Strike
2023-10-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar
2023-10-12NetresecErik Hjelmvik
Forensic Timeline of an IcedID Infection
Cobalt Strike IcedID IcedID Downloader
2023-10-10SymantecThreat Hunter Team
Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan
Cobalt Strike Havoc MimiKatz Grayling
2023-10-03Malware Traffic AnalysisBrad Duncan
2023-10-03 (Tuesday) - PikaBot infection with Cobalt Strike
Cobalt Strike Pikabot
2023-09-22MandiantDan Black, Josh Atkins, Luke Jenkins
Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations
Brute Ratel C4 Cobalt Strike EnvyScout GraphDrop QUARTERRIG sRDI Unidentified 107 (APT29)
2023-09-22Palo Alto Networks Unit 42Lior Rochberger, Robert Falcone, Tom Fakterman
Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda
Cobalt Strike MimiKatz RemCom ShadowPad TONESHELL
2023-09-12ANSSIANSSI
FIN12: A Cybercriminal Group with Multiple Ransomware
BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC
2023-08-30Trend MicroGilbert Sison, Hara Hiroaki, Lenart Bermejo, Leon M Chang, Ted Lee
Earth Estries Targets Government, Tech for Cyberespionage
Cobalt Strike HemiGate Earth Estries
2023-08-28The DFIR ReportThe DFIR Report
HTML Smuggling Leads to Domain Wide Ransomware
Cobalt Strike IcedID Nokoyawa Ransomware
2023-08-18TEAMT5Still Hsu, Zih-Cing Liao
Unmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia
CatB Cobalt Strike DoorMe GIMMICK
2023-08-18d01aMohamed Adel
Understanding Syscalls: Direct, Indirect, and Cobalt Strike Implementation
Cobalt Strike
2023-08-17SentinelOneAleksandar Milenkoski, Tom Hegel
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Cobalt Strike HUI Loader BRONZE STARLIGHT
2023-08-07Recorded FutureInsikt Group
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale
Winnti Brute Ratel C4 Cobalt Strike FunnySwitch PlugX ShadowPad Spyder Earth Lusca
2023-07-29GoogleGoogle Cybersecurity Action Team
Threat Horizons August 2023 Threat Horizons Report
SharkBot Cobalt Strike
2023-07-12FortinetCara Lin
LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros
Loki Password Stealer (PWS)
2023-07-11SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee
2023-07-07Lab52Lab52
Beyond appearances: unknown actor using APT29’s TTP against Chinese users
Cobalt Strike
2023-07-06kienmanowar Blogm4n0w4r, Tran Trung Kien
[QuickNote] Examining Formbook Campaign via Phishing Emails
Formbook
2023-06-30K7 SecurityDhanush
Cobalt Strike’s Deployment with Hardware Breakpoint for AMSI Bypass
Cobalt Strike
2023-06-30Github (itaymigdal)Itay Migdal
Formbook unpacking
Formbook
2023-06-15eSentireRussianPanda
eSentire Threat Intelligence Malware Analysis: Resident Campaign
Cobalt Strike Rhadamanthys WarmCookie
2023-06-10The DFIR ReportThe DFIR Report
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
BlackCat Cobalt Strike IcedID
2023-06-08Twitter (@embee_research)Embee_research
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries
Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker
2023-06-08VMRayPatrick Staubmann
Busy Bees - The Transformation of BumbleBee
BumbleBee Cobalt Strike Conti Meterpreter Sliver
2023-06-05Malware Traffic AnalysisBrad Duncan
30 DAYS OF FORMBOOK: DAY 1, MONDAY 2023-06-05
Formbook
2023-05-11cocomelonccocomelonc
Malware development trick - part 28: Dump lsass.exe. Simple C++ example.
Cobalt Strike APT3 Keylogger
2023-04-20Github (dodo-sec)dodo-sec
An analysis of syscall usage in Cobalt Strike Beacons
Cobalt Strike
2023-04-20SecuronixDen Iyzvyk, Oleg Kolesnikov, Tim Peck
New OCX#HARVESTER Attack Campaign Leverages a Modernized More_eggs Suite to Target Victims
More_eggs
2023-04-20SecureworksCounter Threat Unit ResearchTeam
Bumblebee Malware Distributed Via Trojanized Installer Downloads
BumbleBee Cobalt Strike
2023-04-18MandiantMandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
2023-04-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar
2023-04-10Check PointCheck Point
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files
Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee
2023-04-03The DFIR ReportThe DFIR Report
Malicious ISO File Leads to Domain Wide Ransomware
Cobalt Strike IcedID Mount Locker
2023-03-30United States District Court (Eastern District of New York)Fortra, HEALTH-ISAC, Microsoft
Cracked Cobalt Strike (1:23-cv-02447)
Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader
2023-03-30loginsoftSaharsh Agrawal
From Innocence to Malice: The OneNote Malware Campaign Uncovered
Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm
2023-03-30Recorded FutureInsikt Group
With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets
KEYPLUG Cobalt Strike PlugX RedGolf
2023-03-30ZscalerBrett Stone-Gross, Javier Vicente, Nikolaos Pantazopoulos
Technical Analysis of Xloader’s Code Obfuscation in Version 4.3
Formbook
2023-03-30eSentireeSentire Threat Response Unit (TRU)
eSentire Threat Intelligence Malware Analysis: BatLoader
BATLOADER Cobalt Strike ISFB SystemBC Vidar
2023-03-28ExaTrackExaTrack
Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts
HelloBot Melofee Winnti Cobalt Strike SparkRAT STOWAWAY
2023-03-16Trend MicroCedric Pernet, Jaromír Hořejší, Loseway Lu
IPFS: A New Data Frontier or a New Cybercriminal Hideout?
Agent Tesla Formbook RedLine Stealer Remcos
2023-03-10Medium walmartglobaltechJason Reaves, Joshua Platt
From Royal With Love
Cobalt Strike Conti PLAY Royal Ransom Somnia
2023-03-10Security0wnageSecurity0wnage
How Do You Like Dem Eggs? I like Mine Scrambled, Really Scrambled - A Look at Recent more_eggs Samples
More_eggs
2023-03-01ZscalerMeghraj Nandanwar, Shatak Jain
OneNote: A Growing Threat for Malware Distribution
AsyncRAT Cobalt Strike IcedID QakBot RedLine Stealer
2023-02-28ANY.RUNANY.RUN
XLoader/FormBook: Encryption Analysis and Malware Decryption
Formbook
2023-02-23BitdefenderBitdefender Team, Martin Zugec
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
Cobalt Strike DarkComet QuiteRAT RATel
2023-02-22SymantecSymantec Threat Hunter Team
Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia
Cobalt Strike
2023-02-14CybereasonCybereason Incident Response (IR) team
GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
GootLoader Cobalt Strike SystemBC
2023-02-13AhnLabkingkimgim
Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign
Godzilla Webshell ASPXSpy BlueShell CHINACHOPPER Cobalt Strike Ladon MimiKatz Dalbit
2023-02-13KrollLaurie Iacono, Stephen Green
Royal Ransomware Deep Dive
Cobalt Strike Royal Ransom
2023-02-08Trend MicroTed Lee
Earth Zhulong: Familiar Patterns Target Southeast Asian Firms
Cobalt Strike MACAMAX 1937CN
2023-02-03MandiantGenevieve Stark, Kimberly Goody
Float Like a Butterfly Sting Like a Bee
BazarBackdoor BumbleBee Cobalt Strike
2023-02-02KrollElio Biasiotto, Stephen Green
Hive Ransomware Technical Analysis and Initial Access Discovery
BATLOADER Cobalt Strike Hive
2023-01-30CheckpointArie Olshtein
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot
2023-01-24FortinetGeri Revay
The Year of the Wiper
Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar
2023-01-24TrellixDaksh Kapur, John Fokker, Robert Venal, Tomer Shloman
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos
2023-01-24eSentireJoe Stewart, Keegan Keplinger
Unmasking Venom Spider
More_eggs TerraPreter TerraLoader VenomLNK
2023-01-23KrollElio Biasiotto, Stephen Green
Black Basta – Technical Analysis
Black Basta Cobalt Strike MimiKatz QakBot SystemBC
2023-01-16IntrinsecIntrinsec
ProxyNotShell – OWASSRF – Merry Xchange
Cobalt Strike SystemBC
2023-01-05SymantecThreat Hunter Team
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa
CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT BlueBottle
2022-12-15MandiantMandiant
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government
Cobalt Strike STOWAWAY
2022-12-08Cisco TalosTiago Pereira
Breaking the silence - Recent Truebot activity
Clop Cobalt Strike FlawedGrace Raspberry Robin Silence Teleport
2022-12-08TrustwaveDiana Lopera, Phil Hay, Rodel Mendrez
Trojanized OneNote Document Leads to Formbook Malware
Formbook
2022-12-06EuRepoCCamille Borrett, Kerstin Zettl-Schabath, Lena Rottinger
Conti/Wizard Spider
BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER
2022-12-02Palo Alto Networks Unit 42Bob Jung, Dominik Reichel, Esmid Idrizovic
Blowing Cobalt Strike Out of the Water With Memory Analysis
Cobalt Strike
2022-11-21MalwarebytesMalwarebytes
2022-11-21 Threat Intel Report
404 Keylogger Agent Tesla Formbook Hive Remcos
2022-11-15SOC PrimeVeronika Telychko
Somnia Malware Detection: UAC-0118 aka FRwL Launches Cyber Attacks Against Organizations in Ukraine Using Enhanced Malware Strains
Cobalt Strike Vidar UAC-0118
2022-11-09Trend MicroHara Hiroaki, Ted Lee
Hack the Real Box: APT41’s New Subgroup Earth Longzhi
Cobalt Strike MimiKatz Earth Longzhi
2022-11-03paloalto Netoworks: Unit42Chris Navarrete, Durgesh Sangvikar, Matthew Tennis, Siddhart Shibiraj, Yanhui Jia, Yu Fu
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
Cobalt Strike
2022-11-03Group-IBRustam Mirkasymov
Financially motivated, dangerously activated: OPERA1ER APT in Africa
Cobalt Strike Common Raven
2022-11-03Github (chronicle)Chronicle
GCTI Open Source Detection Signatures
Cobalt Strike Sliver
2022-10-31CynetMax Malyutin
Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware
Black Basta Cobalt Strike QakBot
2022-10-13SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm
2022-10-13MicrosoftMicrosoft Threat Hunting, MSRC Team
Hunting for Cobalt Strike: Mining and plotting for fun and profit
Cobalt Strike
2022-10-12Trend MicroIan Kenefick, Lucas Silva, Nicole Hernandez
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike
Black Basta Brute Ratel C4 Cobalt Strike QakBot
2022-10-05FortinetXiaopeng Zhang
Excel Document Delivers Multiple Malware by Exploiting CVE-2017-11882 – Part II
Formbook RedLine Stealer
2022-10-03Check PointMarc Salinas Fernandez
Bumblebee: increasing its capacity and evolving its TTPs
BumbleBee Cobalt Strike Meterpreter Sliver Vidar
2022-10-03Trend MicroJaromír Hořejší, Joseph Chen
Water Labbu Abuses Malicious DApps to Steal Cryptocurrency
Cobalt Strike Water Labbu
2022-09-26The DFIR ReportThe DFIR Report
BumbleBee: Round Two
BumbleBee Cobalt Strike Meterpreter
2022-09-25YouTube (Arda Büyükkaya)Arda Büyükkaya
Cobalt Strike Shellcode Loader With Rust (YouTube)
Cobalt Strike
2022-09-19FortinetXiaopeng Zhang
Excel Document Delivers Multiple Malware By Exploiting CVE-2017-11882 – Part I
Formbook RedLine Stealer
2022-09-13AdvIntelAdvanced Intelligence
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022
Conti Cobalt Strike Emotet Ryuk TrickBot
2022-09-12The DFIR ReportThe DFIR Report
Dead or Alive? An Emotet Story
Cobalt Strike Emotet
2022-09-07GoogleGoogle Threat Analysis Group, Pierre-Marc Bureau
Initial access broker repurposing techniques in targeted attacks against Ukraine
AnchorMail Cobalt Strike IcedID
2022-09-07cybleCyble
Bumblebee Returns With New Infection Technique
BumbleBee Cobalt Strike
2022-09-06INCIBE-CERTINCIBE
Estudio del análisis de Nobelium
BEATDROP BOOMBOX Cobalt Strike EnvyScout Unidentified 099 (APT29 Dropbox Loader) VaporRage
2022-09-06CISACISA, FBI, MS-ISAC, US-CERT
Alert (AA22-249A) #StopRansomware: Vice Society
Cobalt Strike Empire Downloader FiveHands HelloKitty SystemBC Zeppelin
2022-09-06Didier StevensDidier Stevens
An Obfuscated Beacon – Extra XOR Layer
Cobalt Strike
2022-09-06cocomelonccocomelonc
Malware development tricks: parent PID spoofing. Simple C++ example.
Cobalt Strike Konni
2022-09-01Medium michaelkoczwaraMichael Koczwara
Hunting C2/Adversaries Infrastructure with Shodan and Censys
Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver
2022-09-01Trend MicroTrend Micro
Ransomware Spotlight Black Basta
Black Basta Cobalt Strike MimiKatz QakBot
2022-08-30eSentireeSentire Threat Response Unit (TRU)
Hacker Infrastructure Used in Cisco Breach Discovered Attacking a Top Workforce Management Corporation & an Affiliate of Russia’s Evil Corp Gang Suspected, Reports eSentire
Cobalt Strike FiveHands UNC2447
2022-08-29360 netlabwanghao
PureCrypter Loader continues to be active and has spread to more than 10 other families
404 Keylogger Agent Tesla AsyncRAT Formbook RedLine Stealer
2022-08-25SentinelOneJim Walter
BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar
BlueSky Cobalt Strike JuicyPotato
2022-08-25ExpelAndrew Jerry, Kyle Pellett
MORE_EGGS and Some LinkedIn Resumé Spearphishing
More_eggs
2022-08-22MicrosoftMicrosoft
Extortion Economics - Ransomware’s new business model
BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk
2022-08-19nccgroupRoss Inman
Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
FAKEUPDATES Cobalt Strike LockBit
2022-08-18NSFOCUSNSFOCUS
New APT group MURENSHARK investigative report: Torpedoes hit Turkish Navy
Cobalt Strike
2022-08-18Group-IBNikita Rostovtsev
APT41 World Tour 2021 on a tight schedule
Cobalt Strike
2022-08-18SophosSean Gallagher
Cookie stealing: the new perimeter bypass
Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT
2022-08-18TrustwavePawel Knapczyk
Overview of the Cyber Weapons Used in the Ukraine - Russia War
AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket
2022-08-18TrustwavePawel Knapczyk
Overview of the Cyber Weapons Used in the Ukraine - Russia War
AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket
2022-08-17CybereasonCybereason Global SOC Team
Bumblebee Loader – The High Road to Enterprise Domain Control
BumbleBee Cobalt Strike
2022-08-17SecureworksCounter Threat Unit ResearchTeam
DarkTortilla Malware Analysis
Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer
2022-08-12SANS ISCBrad Duncan
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Cobalt Strike DarkVNC IcedID
2022-08-11Malcatmalcat team
LNK forensic and config extraction of a cobalt strike beacon
Cobalt Strike
2022-08-11SecurityScorecardRobert Ames
The Increase in Ransomware Attacks on Local Governments
BlackCat BlackCat Cobalt Strike LockBit
2022-08-10WeixinRed Raindrop Team
Operation(верность) mercenary: a torrent of steel trapped in the plains of Eastern Europe
BumbleBee Cobalt Strike
2022-08-08Medium CSIS TechblogBenoît Ancel
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader
2022-08-08The DFIR ReportThe DFIR Report
BumbleBee Roasts Its Way to Domain Admin
BumbleBee Cobalt Strike
2022-08-050xIvanTwitter (@viljoenivan)
LokiBot Analysis
Loki Password Stealer (PWS)
2022-08-04YouTube (Arda Büyükkaya)Arda Büyükkaya
LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit
2022-08-04ConnectWiseStu Gonzalez
Formbook and Remcos Backdoor RAT by ConnectWise CRU
Formbook Remcos
2022-08-03Palo Alto Networks Unit 42Brad Duncan
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-08-02Cisco TalosAsheer Malhotra, Vitor Ventura
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka Cobalt Strike Manjusaka
2022-07-30cocomelonc
Malware AV evasion - part 8. Encode payload via Z85
Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector
2022-07-28SentinelOneJames Haughom, Julien Reisdorffer, Júlio Dantas
Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit
2022-07-27ReversingLabsJoseph Edwards
Threat analysis: Follina exploit fuels 'live-off-the-land' attacks
Cobalt Strike MimiKatz
2022-07-27cybleCyble Research Labs
Targeted Attacks Being Carried Out Via DLL SideLoading
Cobalt Strike QakBot
2022-07-27Trend MicroBuddy Tancio, Jed Valderama
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike
Cobalt Strike GootKit Kronos REvil SunCrypt
2022-07-25Cert-UACert-UA
Mass distribution of desktops (Formbook, Snake Keylogger) and use of Malware RelicRace/RelicSource as a means of delivery (CERT-UA#5056)
404 Keylogger Formbook RelicRace
2022-07-22Binary NinjaXusheng Li
Reverse Engineering a Cobalt Strike Dropper With Binary Ninja
Cobalt Strike
2022-07-20NVISO LabsSasja Reynaert
Analysis of a trojanized jQuery script: GootLoader unleashed
GootLoader Cobalt Strike
2022-07-20U.S. Cyber CommandCyber National Mission Force Public Affairs
Cyber National Mission Force discloses IOCs from Ukrainian networks
Cobalt Strike GraphSteel GrimPlant MicroBackdoor
2022-07-20Advanced IntelligenceMarley Smith, Vitali Kremez, Yelisey Boguslavskiy
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion
Cobalt Strike
2022-07-20MandiantMandiant Threat Intelligence
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities
Cobalt Strike GraphSteel GrimPlant MicroBackdoor
2022-07-19Palo Alto Networks Unit 42Mike Harbison, Peter Renals
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Cobalt Strike EnvyScout Gdrive
2022-07-18Palo Alto Networks Unit 42Unit 42
Obscure Serpens
Cobalt Strike Empire Downloader Meterpreter MimiKatz DarkHydrus
2022-07-18CensysCensys
Russian Ransomware C2 Network Discovered in Censys Data
Cobalt Strike DeimosC2 MimiKatz PoshC2
2022-07-18Palo Alto Networks Unit 42Unit 42
Mule Libra
Carbanak Cobalt
2022-07-13Malwarebytes LabsHossein Jazi, Roberto Santos
Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign
Cobalt Strike
2022-07-13Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Siddhart Shibiraj, Yanhui Jia, Yu Fu
Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption
Cobalt Strike
2022-07-12CyrenKervin Alintanahin
Example Analysis of Multi-Component Malware
Emotet Formbook
2022-07-11Cert-UACert-UA
UAC-0056 attack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4941)
Cobalt Strike
2022-07-07SANS ISCBrad Duncan
Emotet infection with Cobalt Strike
Cobalt Strike Emotet
2022-07-07IBMCharlotte Hammond, Kat Weinberger, Ole Villadsen
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine
AnchorMail BumbleBee Cobalt Strike IcedID Meterpreter
2022-07-06Cert-UACert-UA
UAC-0056 cyberattack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4914)
Cobalt Strike
2022-07-01cybleCyble
Xloader Returns With New Infection Technique
Formbook
2022-06-30CYBER GEEKS All Things InfosecCyberMasterV
How to Expose a Potential Cybercriminal due to Misconfigurations
Loki Password Stealer (PWS)
2022-06-30Trend MicroEmmanuel Panopio, James Panlilio, John Kenneth Reyes, Kenneth Adrian Apostol, Melvin Singwa, Mirah Manlapig, Paolo Ronniel Labrador
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
Black Basta Cobalt Strike QakBot
2022-06-30Cyber Geeks (CyberMasterV)Vlad Pasca
How to Expose a Potential Cybercriminal due to Misconfigurations
Loki Password Stealer (PWS)
2022-06-28LumenBlack Lotus Labs
ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks
ZuoRAT Cobalt Strike
2022-06-27Kaspersky ICS CERTArtem Snegirev, Kirill Kruglov
Attacks on industrial control systems using ShadowPad
Cobalt Strike PlugX ShadowPad
2022-06-26BushidoToken
Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022
Cobalt Strike CredoMap EnvyScout
2022-06-23cybleCyble Research Labs
Matanbuchus Loader Resurfaces
Cobalt Strike Matanbuchus
2022-06-23SecureworksCounter Threat Unit ResearchTeam
BRONZE STARLIGHT Ransomware Operations Use HUI Loader
ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT
2022-06-21Cisco TalosChris Neal, Flavio Costa, Guilherme Venere
Avos ransomware group expands with new attack arsenal
AvosLocker Cobalt Strike DarkComet MimiKatz
2022-06-20Cert-UACert-UA
UAC-0098 group cyberattack on critical infrastructure of Ukraine (CERT-UA#4842)
Cobalt Strike
2022-06-17SANS ISCBrad Duncan
Malspam pushes Matanbuchus malware, leads to Cobalt Strike
Cobalt Strike Matanbuchus
2022-06-11Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Tweet on DEV-0401, DEV-0234 exploiting Confluence RCE CVE-2022-26134
Kinsing Mirai Cobalt Strike Lilac Typhoon
2022-06-07AdvIntelMarley Smith, Vitali Kremez, Yelisey Boguslavskiy
BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive
BlackCat BlackCat Cobalt Strike
2022-06-07cybleCyble
Bumblebee Loader on The Rise
BumbleBee Cobalt Strike
2022-06-06TrellixTrelix
Growling Bears Make Thunderous Noise
Cobalt Strike HermeticWiper WhisperGate NB65
2022-06-04kienmanowar Blogm4n0w4r, Tran Trung Kien
[QuickNote] CobaltStrike SMB Beacon Analysis
Cobalt Strike
2022-06-03AttackIQAttackIQ Adversary Research Team, Jackson Wells
Attack Graph Response to US CERT AA22-152A: Karakurt Data Extortion Group
Cobalt Strike MimiKatz
2022-06-02MandiantMandiant
TRENDING EVIL Q2 2022
CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot
2022-06-02MandiantMandiant Intelligence
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions
FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker
2022-06-01ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Salim Bitam, Seth Goodwin
CUBA Ransomware Campaign Analysis
Cobalt Strike Cuba Meterpreter MimiKatz SystemBC
2022-05-25Medium walmartglobaltechJason Reaves, Joshua Platt
SocGholish Campaigns and Initial Access Kit
FAKEUPDATES Blister Cobalt Strike NetSupportManager RAT
2022-05-24BitSightBitSight, João Batista, Pedro Umbelino
Emotet Botnet Rises Again
Cobalt Strike Emotet QakBot SystemBC
2022-05-24The Hacker NewsFlorian Goutin
Malware Analysis: Trickbot
Cobalt Strike Conti Ryuk TrickBot
2022-05-22R136a1Dominik Reichel
Introduction of a PE file extractor for various situations
Cobalt Strike Matanbuchus
2022-05-20sonatypeAx Sharma
New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux
Cobalt Strike
2022-05-20CybleincCyble
Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon
Cobalt Strike
2022-05-20AhnLabASEC
Why Remediation Alone Is Not Enough When Infected by Malware
Cobalt Strike DarkSide
2022-05-19InfoSec Handlers Diary BlogBrad Duncan
Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-19InfoSec Handlers Diary BlogBrad Duncan
Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike
2022-05-19BlackberryThe BlackBerry Research & Intelligence Team
.NET Stubs: Sowing the Seeds of Discord (PureCrypter)
Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate
2022-05-18PRODAFT Threat IntelligencePRODAFT
Wizard Spider In-Depth Analysis
Cobalt Strike Conti WIZARD SPIDER
2022-05-17Trend MicroTrend Micro Research
Ransomware Spotlight: RansomEXX
LaZagne Cobalt Strike IcedID MimiKatz PyXie RansomEXX TrickBot
2022-05-12Intel 471Intel 471
What malware to look for if you want to prevent a ransomware attack
Conti BumbleBee Cobalt Strike IcedID Sliver
2022-05-12Red CanaryLauren Podber, Tony Lambert
The Goot cause: Detecting Gootloader and its follow-on activity
GootLoader Cobalt Strike
2022-05-12Red CanaryLauren Podber, Tony Lambert
Gootloader and Cobalt Strike malware analysis
GootLoader Cobalt Strike
2022-05-12TEAMT5Leon Chang, Silvia Yeh
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides)
KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu
2022-05-11InfoSec Handlers Diary BlogBrad Duncan
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
BumbleBee Cobalt Strike IcedID PhotoLoader
2022-05-11NTTRyu Hiyoshi
Operation RestyLink: Targeted attack campaign targeting Japanese companies
Cobalt Strike
2022-05-10Marco Ramilli's BlogMarco Ramilli
A Malware Analysis in RU-AU conflict
Cobalt Strike
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-09cocomelonccocomelonc
Malware development: persistence - part 4. Windows services. Simple C++ example.
Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu
2022-05-09TEAMT5TeamT5
Hiding in Plain Sight: Obscuring C2s by Abusing CDN Services
Cobalt Strike
2022-05-09The DFIR ReportThe DFIR Report
SEO Poisoning – A Gootloader Story
GootLoader LaZagne Cobalt Strike GootKit
2022-05-08IronNetBrent Eskridge, Joey Fitzpatrick, Michael Leardi
Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine
Cobalt Strike
2022-05-06Twitter (@MsftSecIntel)Microsoft Security Intelligence
Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit
2022-05-06Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Siddhart Shibiraj, Yanhui Jia, Yu Fu
Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding
Cobalt Strike
2022-05-06The Hacker NewsRavie Lakshmanan
This New Fileless Malware Hides Shellcode in Windows Event Logs
Cobalt Strike
2022-05-05Cisco TalosAliza Berk, Asheer Malhotra, Jung soo An, Justin Thattil, Kendall McKay
Mustang Panda deploys a new wave of malware targeting Europe
Cobalt Strike Meterpreter PlugX Unidentified 094
2022-05-04KasperskyDenis Legezo
A new secret stash for “fileless” malware
Cobalt Strike
2022-05-04Twitter (@felixw3000)Felix
Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.
Cobalt Strike IcedID PhotoLoader
2022-05-03Recorded FutureInsikt Group®
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
Cobalt Strike EnvyScout
2022-05-03Cluster25Cluster25
The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet
Cobalt Strike IsaacWiper PyXie
2022-05-03Recorded FutureInsikt Group
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
Cobalt Strike
2022-05-02Cisco TalosJAIME FILSON, Kendall McKay, Paul Eubanks
Conti and Hive ransomware operations: Leveraging victim chats for insights
Cobalt Strike Conti Hive
2022-05-02MacnicaHiroshi Takeuchi
Attack Campaigns that Exploit Shortcuts and ISO Files
Cobalt Strike
2022-04-28PWCPWC UK
Cyber Threats 2021: A Year in Retrospect (Annex)
Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen
2022-04-28MandiantAnders Vejlby, John Wolfram, Nick Simonian, Sarah Hawley, Tyler McLellan
Trello From the Other Side: Tracking APT29 Phishing Campaigns
Cobalt Strike
2022-04-27TrendmicroTrendmicro
IOCs for Earth Berberoka - Windows
AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka
2022-04-27ANSSIANSSI
LE GROUPE CYBERCRIMINEL FIN7
Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot
2022-04-27MandiantMandiant
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
Cobalt Strike Raindrop SUNBURST TEARDROP
2022-04-27TrendmicroDaniel Lunghi, Jaromír Hořejší
Operation Gambling Puppet
reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka
2022-04-27Sentinel LABSJames Haughom, Jim Walter, Júlio Dantas
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit
2022-04-27Sentinel LABSJames Haughom, Jim Walter, Júlio Dantas
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit BRONZE STARLIGHT
2022-04-26Trend MicroLord Alfred Remorin, Ryan Flores, Stephen Hilt
How Cybercriminals Abuse Cloud Tunneling Services
AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT
2022-04-26Intel 471Intel 471
Conti and Emotet: A constantly destructive duo
Cobalt Strike Conti Emotet IcedID QakBot TrickBot
2022-04-25The DFIR ReportThe DFIR Report
Quantum Ransomware
Cobalt Strike IcedID
2022-04-25MorphisecMorphisec Labs
New Core Impact Backdoor Delivered Via VMware Vulnerability
Cobalt Strike JSSLoader
2022-04-21ZeroSecAndy Gill
Understanding Cobalt Strike Profiles - Updated For Cobalt Strike 4.6
Cobalt Strike
2022-04-21eSentireeSentire Threat Response Unit (TRU)
Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire
More_eggs TerraLoader VenomLNK
2022-04-19Blake's R&Dbmcder02
Extracting Cobalt Strike from Windows Error Reporting
Cobalt Strike
2022-04-19VaronisNadav Ovadia
Hive Ransomware Analysis
Cobalt Strike Hive MimiKatz
2022-04-18AdvIntelVitali Kremez, Yelisey Boguslavskiy
Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group
AvosLocker BazarBackdoor BlackByte BlackCat Cobalt Strike HelloKitty Hive Karakurt
2022-04-18SentinelOneJames Haughom
From the Front Lines | Peering into A PYSA Ransomware Attack
Chisel Chisel Cobalt Strike Mespinoza
2022-04-18vanmieghemVincent Van Mieghem
A blueprint for evading industry leading endpoint protection in 2022
Cobalt Strike
2022-04-17Malcatmalcat team
Reversing a NSIS dropper using quick and dirty shellcode emulation
Loki Password Stealer (PWS)
2022-04-14CynetMax Malyutin
Orion Threat Alert: Flight of the BumbleBee
BumbleBee Cobalt Strike
2022-04-13ESET ResearchJean-Ian Boutin, Tomáš Procházka
ESET takes part in global operation to disrupt Zloader botnets
Cobalt Strike Zloader
2022-04-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
BlackMatter Cobalt Strike DarkSide Ryuk Zloader
2022-04-08Infinitum LabsArda Büyükkaya
Threat Spotlight: Conti Ransomware Group Behind the Karakurt Hacking Team
Cobalt Strike MimiKatz
2022-04-07splunkSplunk Threat Research Team
You Bet Your Lsass: Hunting LSASS Access
Cobalt Strike MimiKatz
2022-04-07InQuestNick Chalard, Will MacArthur
Ukraine CyberWar Overview
CyclopsBlink Cobalt Strike GraphSteel GrimPlant HermeticWiper HermeticWizard MicroBackdoor PartyTicket Saint Bot Scieron WhisperGate
2022-04-06Github (infinitumlabs)Arda Büyükkaya
Karakurt Hacking Team Indicators of Compromise (IOC)
Cobalt Strike
2022-04-04MandiantBrendan McKeague, Bryce Abdo, Ioana Teaca, Zander Work
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
Griffon BABYMETAL Carbanak Cobalt Strike JSSLoader Termite
2022-03-31nccgroupAlex Jessop, Nikolaos Pantazopoulos, RIFT: Research and Intelligence Fusion Team, Simon Biggs
Conti-nuation: methods and techniques observed in operations post the leaks
Cobalt Strike Conti QakBot
2022-03-31SC MediaSC Staff
Novel obfuscation leveraged by Hive ransomware
Cobalt Strike Hive
2022-03-30Bleeping ComputerBill Toulas
Phishing campaign targets Russian govt dissidents with Cobalt Strike
Unidentified PS 002 (RAT) Cobalt Strike
2022-03-30PrevailionPrevailion
Wizard Spider continues to confound
BazarBackdoor Cobalt Strike Emotet
2022-03-29Malwarebytes LabsHossein Jazi
New spear phishing campaign targets Russian dissidents
Unidentified PS 002 (RAT) Cobalt Strike
2022-03-29SentinelOneAntonis Terefos, James Haughom, Jeff Cavanaugh, Jim Walter, Nick Fox, Shai Tilias
From the Front Lines | Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection
Cobalt Strike Hive
2022-03-28Medium walmartglobaltechJason Reaves
CobaltStrike UUID stager
Cobalt Strike
2022-03-25nccgroupYun Zheng Hu
Mining data from Cobalt Strike beacons
Cobalt Strike
2022-03-25GOV.UAState Service of Special Communication and Information Protection of Ukraine (CIP)
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22
Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT
2022-03-22Red CanaryRed Canary
2022 Threat Detection Report
FAKEUPDATES Silver Sparrow BazarBackdoor Cobalt Strike GootKit Yellow Cockatoo RAT
2022-03-22NVISO LabsDidier Stevens
Cobalt Strike: Overview – Part 7
Cobalt Strike
2022-03-21Threat PostLisa Vaas
Conti Ransomware V. 3, Including Decryptor, Leaked
Cobalt Strike Conti TrickBot
2022-03-21eSentireeSentire Threat Response Unit (TRU)
Conti Affiliate Exposed: New Domain Names, IP Addresses and Email Addresses Uncovered
HelloKitty BazarBackdoor Cobalt Strike Conti FiveHands HelloKitty IcedID
2022-03-17GoogleBenoit Sevens, Google Threat Analysis Group, Vladislav Stolyarov
Exposing initial access broker with ties to Conti
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-03-16paloalto Netoworks: Unit42Andrew Guan, Chris Navarrete, Durgesh Sangvikar, Siddhart Shibiraj, Yanhui Jia, Yu Fu
Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect
Cobalt Strike
2022-03-16SANS ISCBrad Duncan
Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-03-16InfoSec Handlers Diary BlogBrad Duncan
Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-03-15PrevailionMatt Stafford, Sherman Smith