SYMBOL | COMMON_NAME | aka. SYNONYMS |
A criminal group dubbed Cobalt is behind synchronized ATM heists that saw machines across Europe, CIS countries (including Russia), and Malaysia being raided simultaneously, in the span of a few hours. The group has been active since June 2016, and their latest attacks happened in July and August.
2024-11-13
⋅
TEHTRIS
⋅
Cracking Formbook malware: Blind deobfuscation and quick response techniques Formbook |
2024-11-12
⋅
Recorded Future
⋅
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike Cobalt Strike |
2024-11-07
⋅
Logpoint
⋅
Hiding in Plain Sight: The Subtle Art of Loki Malware’s Obfuscation Loki Password Stealer (PWS) |
2024-10-31
⋅
Hunt.io
⋅
Tricks, Treats, and Threats: Cobalt Strike & the Goblin Lurking in Plain Sight Cobalt Strike |
2024-10-24
⋅
Seqrite
⋅
Operation Cobalt Whisper: Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan Cobalt Strike Operation Cobalt Whisper |
2024-10-23
⋅
Cisco Talos
⋅
Highlighting TA866/Asylum Ambuscade Activity Since 2021 WasabiSeed Cobalt Strike csharp-streamer RAT Resident Rhadamanthys WarmCookie |
2024-10-23
⋅
Cisco Talos
⋅
Threat Spotlight: WarmCookie/BadSpace Cobalt Strike csharp-streamer RAT WarmCookie |
2024-09-19
⋅
Trend Micro
⋅
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC (IoCs) Cobalt Strike Earth Baxia |
2024-09-19
⋅
Trend Micro
⋅
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC Cobalt Strike Earth Baxia |
2024-08-29
⋅
Securonix
⋅
From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users Cobalt Strike MimiKatz |
2024-08-26
⋅
The DFIR Report
⋅
BlackSuit Ransomware BlackSuit Cobalt Strike SystemBC |
2024-08-23
⋅
TEAMT5
⋅
Sailing the Seven SEAs: Deep Dive into Polaris' Arsenal and Intelligence Insights Cobalt Strike Hodur PlugX TONESHELL |
2024-08-23
⋅
ITOCHU
⋅
Pirates of The Nang Hai: Follow the Artifacts No One Know Cobalt Strike Xiangoop |
2024-08-22
⋅
⋅
NTT
⋅
AppDomainManager Injectionを悪用したマルウェアによる攻撃について Cobalt Strike Earth Baxia |
2024-08-21
⋅
TG Soft
⋅
Chinese APT abuses MSC files with GrimResource vulnerability Cobalt Strike Earth Baxia |
2024-08-04
⋅
Twitter (@embee_research)
⋅
Decoding a Cobalt Strike Downloader Script With CyberChef Cobalt Strike |
2024-07-25
⋅
SOC Prime
⋅
UAC-0057 Attack Detection: A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon Cobalt Strike PicassoLoader Ghostwriter |
2024-07-22
⋅
Censys
⋅
A Beginner’s Guide to Hunting Malicious Open Directories Cobalt Strike Lumma Stealer Vidar |
2024-07-18
⋅
Mandiant
⋅
APT41 Has Arisen From the DUST Cobalt Strike |
2024-07-16
⋅
Recorded Future
⋅
TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies Cobalt Strike |
2024-07-10
⋅
Zscaler
⋅
DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1 Cobalt Strike DUSTPAN DUSTTRAP |
2024-07-09
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update January to June 2024 Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver |
2024-07-02
⋅
Sekoia
⋅
Exposing FakeBat loader: distribution methods and adversary infrastructure BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar |
2024-06-21
⋅
Elastic
⋅
GrimResource - Microsoft Management Console for initial access and evasion Cobalt Strike |
2024-06-15
⋅
Medium b.magnezi
⋅
Malware Analysis FormBook Formbook |
2024-06-10
⋅
The Hacker News
⋅
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack More_eggs |
2024-05-23
⋅
Checkpoint
⋅
Sharp dragon expands towards africa and the caribbean 5.t Downloader Cobalt Strike |
2024-05-23
⋅
Check Point
⋅
Chinese Espionage Campaign Expands to Target Africa and The Caribbean 5.t Downloader Cobalt Strike |
2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot |
2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot SystemBC |
2024-05-14
⋅
Check Point Research
⋅
Foxit PDF “Flawed Design” Exploitation Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm |
2024-05-14
⋅
Kaspersky
⋅
QakBot attacks with Windows zero-day (CVE-2024-30051) Cobalt Strike QakBot |
2024-05-10
⋅
Rapid7 Labs
⋅
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators Black Basta Black Basta Cobalt Strike NetSupportManager RAT |
2024-04-24
⋅
Securonix
⋅
Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover Cobalt Strike Latrodectus |
2024-04-15
⋅
Positive Technologies
⋅
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm |
2024-04-01
⋅
The DFIR Report
⋅
From OneNote to RansomNote: An Ice Cold Intrusion Cobalt Strike IcedID Nokoyawa Ransomware PhotoLoader |
2024-03-01
⋅
Medium b.magnezi
⋅
Malware Analysis - Cobalt Strike Cobalt Strike |
2024-02-28
⋅
Security Intelligence
⋅
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023 404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos |
2024-02-09
⋅
Censys
⋅
A Beginners Guide to Tracking Malware Infrastructure AsyncRAT BianLian Cobalt Strike QakBot |
2024-02-08
⋅
YouTube (Embee Research)
⋅
Cobalt Strike Decoding and C2 Extraction - 3 Minute Malware Analysis Speedrun Cobalt Strike |
2024-01-26
⋅
Trendmicro
⋅
Spot the Difference: An Analysis of the New LODEINFO Campaign by Earth Kasha Anel Cobalt Strike LODEINFO NOOPDOOR |
2024-01-24
⋅
Medium shaddy43
⋅
Layers of Deception: Analyzing the Complex Stages of XLoader 4.3 Malware Evolution Xloader Formbook |
2024-01-13
⋅
YouTube (Embee Research)
⋅
Cobalt Strike Shellcode Analysis and C2 Extraction Cobalt Strike |
2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
2024-01-09
⋅
Recorded Future
⋅
2023 Adversary Infrastructure Report AsyncRAT Cobalt Strike Emotet PlugX ShadowPad |
2024-01-04
⋅
Netresec
⋅
Hunting for Cobalt Strike in PCAP Cobalt Strike |
2023-12-20
⋅
Twitter (@embee_research)
⋅
Defeating Obfuscated Malware Scripts - Cobalt Strike Cobalt Strike |
2023-12-19
⋅
Twitter (@embee_research)
⋅
Free Ghidra Tutorials for Beginners Cobalt Strike DarkGate |
2023-12-08
⋅
Twitter (@embee_research)
⋅
Ghidra Basics - Manual Shellcode Analysis and C2 Extraction Cobalt Strike |
2023-12-04
⋅
The DFIR Report
⋅
SQL Brute Force leads to Bluesky Ransomware BlueSky Cobalt Strike |
2023-11-19
⋅
Twitter (@embee_research)
⋅
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike Amadey Cobalt Strike RedLine Stealer SmokeLoader |
2023-11-14
⋅
Medium joshuapenny88
⋅
HostingHunter Series: CHANG WAY TECHNOLOGIES CO. LIMITED Hook Hydra Cobalt Strike SectopRAT |
2023-11-10
⋅
NSFOCUS
⋅
The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits Cobalt Strike Konni DarkCasino Opal Sleet |
2023-11-07
⋅
SOCRadar
⋅
New Gootloader Variant “GootBot” Changes the Game in Malware Tactics GootLoader Cobalt Strike UNC2565 |
2023-11-06
⋅
Twitter (@embee_research)
⋅
Unpacking Malware With Hardware Breakpoints - Cobalt Strike Cobalt Strike |
2023-11-01
⋅
nccgroup
⋅
Popping Blisters for research: An overview of past payloads and exploring recent developments Blister Cobalt Strike |
2023-10-23
⋅
Twitter (@embee_research)
⋅
Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation Cobalt Strike |
2023-10-20
⋅
Twitter (@embee_research)
⋅
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation Cobalt Strike |
2023-10-18
⋅
Twitter (@embee_research)
⋅
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function Cobalt Strike |
2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
2023-10-12
⋅
Netresec
⋅
Forensic Timeline of an IcedID Infection Cobalt Strike IcedID IcedID Downloader |
2023-10-10
⋅
Symantec
⋅
Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan Cobalt Strike Havoc MimiKatz Grayling |
2023-10-03
⋅
Malware Traffic Analysis
⋅
2023-10-03 (Tuesday) - PikaBot infection with Cobalt Strike Cobalt Strike Pikabot |
2023-09-22
⋅
Mandiant
⋅
Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations Brute Ratel C4 Cobalt Strike EnvyScout GraphDrop QUARTERRIG sRDI Unidentified 107 (APT29) |
2023-09-22
⋅
Palo Alto Networks Unit 42
⋅
Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda Cobalt Strike MimiKatz RemCom ShadowPad TONESHELL |
2023-09-12
⋅
⋅
ANSSI
⋅
FIN12: A Cybercriminal Group with Multiple Ransomware BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC |
2023-08-30
⋅
Trend Micro
⋅
Earth Estries Targets Government, Tech for Cyberespionage Cobalt Strike HemiGate Earth Estries |
2023-08-28
⋅
The DFIR Report
⋅
HTML Smuggling Leads to Domain Wide Ransomware Cobalt Strike IcedID Nokoyawa Ransomware |
2023-08-18
⋅
TEAMT5
⋅
Unmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia CatB Cobalt Strike DoorMe GIMMICK |
2023-08-18
⋅
d01a
⋅
Understanding Syscalls: Direct, Indirect, and Cobalt Strike Implementation Cobalt Strike |
2023-08-17
⋅
SentinelOne
⋅
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector Cobalt Strike HUI Loader BRONZE STARLIGHT |
2023-08-07
⋅
Recorded Future
⋅
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale Winnti Brute Ratel C4 Cobalt Strike FunnySwitch PlugX ShadowPad Spyder Earth Lusca |
2023-07-29
⋅
Google
⋅
Threat Horizons August 2023 Threat Horizons Report SharkBot Cobalt Strike |
2023-07-12
⋅
Fortinet
⋅
LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros Loki Password Stealer (PWS) |
2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
2023-07-07
⋅
Lab52
⋅
Beyond appearances: unknown actor using APT29’s TTP against Chinese users Cobalt Strike |
2023-07-06
⋅
kienmanowar Blog
⋅
[QuickNote] Examining Formbook Campaign via Phishing Emails Formbook |
2023-06-30
⋅
K7 Security
⋅
Cobalt Strike’s Deployment with Hardware Breakpoint for AMSI Bypass Cobalt Strike |
2023-06-30
⋅
Github (itaymigdal)
⋅
Formbook unpacking Formbook |
2023-06-16
⋅
SOC Prime
⋅
PicassoLoader and Cobalt Strike Beacon Detection: UAC-0057 aka GhostWriter Hacking Group Attacks the Ukrainian Leading Military Educational Institution Cobalt Strike PicassoLoader Ghostwriter |
2023-06-15
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: Resident Campaign Cobalt Strike Resident Rhadamanthys WarmCookie |
2023-06-10
⋅
The DFIR Report
⋅
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment BlackCat Cobalt Strike IcedID |
2023-06-08
⋅
Twitter (@embee_research)
⋅
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker |
2023-06-08
⋅
VMRay
⋅
Busy Bees - The Transformation of BumbleBee BumbleBee Cobalt Strike Conti Meterpreter Sliver |
2023-06-05
⋅
Malware Traffic Analysis
⋅
30 DAYS OF FORMBOOK: DAY 1, MONDAY 2023-06-05 Formbook |
2023-05-11
⋅
cocomelonc
⋅
Malware development trick - part 28: Dump lsass.exe. Simple C++ example. Cobalt Strike APT3 Keylogger |
2023-04-20
⋅
Github (dodo-sec)
⋅
An analysis of syscall usage in Cobalt Strike Beacons Cobalt Strike |
2023-04-20
⋅
Securonix
⋅
New OCX#HARVESTER Attack Campaign Leverages a Modernized More_eggs Suite to Target Victims More_eggs |
2023-04-20
⋅
Secureworks
⋅
Bumblebee Malware Distributed Via Trojanized Installer Downloads BumbleBee Cobalt Strike |
2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
2023-04-10
⋅
Check Point
⋅
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
2023-04-03
⋅
The DFIR Report
⋅
Malicious ISO File Leads to Domain Wide Ransomware Cobalt Strike IcedID Mount Locker |
2023-03-30
⋅
United States District Court (Eastern District of New York)
⋅
Cracked Cobalt Strike (1:23-cv-02447) Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader |
2023-03-30
⋅
loginsoft
⋅
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
2023-03-30
⋅
Recorded Future
⋅
With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets KEYPLUG Cobalt Strike PlugX RedGolf |
2023-03-30
⋅
Zscaler
⋅
Technical Analysis of Xloader’s Code Obfuscation in Version 4.3 Formbook |
2023-03-30
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: BatLoader BATLOADER Cobalt Strike ISFB SystemBC Vidar |
2023-03-28
⋅
ExaTrack
⋅
Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts HelloBot Melofee Winnti Cobalt Strike SparkRAT STOWAWAY |
2023-03-16
⋅
Trend Micro
⋅
IPFS: A New Data Frontier or a New Cybercriminal Hideout? Agent Tesla Formbook RedLine Stealer Remcos |
2023-03-10
⋅
Medium walmartglobaltech
⋅
From Royal With Love Cobalt Strike Conti PLAY Royal Ransom Somnia |
2023-03-10
⋅
Security0wnage
⋅
How Do You Like Dem Eggs? I like Mine Scrambled, Really Scrambled - A Look at Recent more_eggs Samples More_eggs |
2023-03-01
⋅
Zscaler
⋅
OneNote: A Growing Threat for Malware Distribution AsyncRAT Cobalt Strike IcedID QakBot RedLine Stealer |
2023-02-28
⋅
ANY.RUN
⋅
XLoader/FormBook: Encryption Analysis and Malware Decryption Formbook |
2023-02-23
⋅
Bitdefender
⋅
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 Cobalt Strike DarkComet QuiteRAT RATel |
2023-02-22
⋅
Symantec
⋅
Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia Cobalt Strike |
2023-02-14
⋅
Cybereason
⋅
GootLoader - SEO Poisoning and Large Payloads Leading to Compromise GootLoader Cobalt Strike SystemBC |
2023-02-13
⋅
AhnLab
⋅
Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign Godzilla Webshell ASPXSpy BlueShell CHINACHOPPER Cobalt Strike Ladon MimiKatz Dalbit |
2023-02-13
⋅
Kroll
⋅
Royal Ransomware Deep Dive Cobalt Strike Royal Ransom |
2023-02-08
⋅
Trend Micro
⋅
Earth Zhulong: Familiar Patterns Target Southeast Asian Firms Cobalt Strike MACAMAX 1937CN |
2023-02-03
⋅
Mandiant
⋅
Float Like a Butterfly Sting Like a Bee BazarBackdoor BumbleBee Cobalt Strike |
2023-02-02
⋅
Kroll
⋅
Hive Ransomware Technical Analysis and Initial Access Discovery BATLOADER Cobalt Strike Hive |
2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
2023-01-24
⋅
Fortinet
⋅
The Year of the Wiper Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar |
2023-01-24
⋅
Trellix
⋅
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity Andromeda Formbook Houdini Remcos |
2023-01-24
⋅
eSentire
⋅
Unmasking Venom Spider More_eggs TerraPreter TerraLoader VenomLNK |
2023-01-23
⋅
Kroll
⋅
Black Basta – Technical Analysis Black Basta Cobalt Strike MimiKatz QakBot SystemBC |
2023-01-16
⋅
Intrinsec
⋅
ProxyNotShell – OWASSRF – Merry Xchange Cobalt Strike SystemBC |
2023-01-05
⋅
Symantec
⋅
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT BlueBottle |
2022-12-15
⋅
Mandiant
⋅
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government Cobalt Strike STOWAWAY |
2022-12-08
⋅
Cisco Talos
⋅
Breaking the silence - Recent Truebot activity Clop Cobalt Strike FlawedGrace Raspberry Robin Silence Teleport |
2022-12-08
⋅
Trustwave
⋅
Trojanized OneNote Document Leads to Formbook Malware Formbook |
2022-12-06
⋅
EuRepoC
⋅
Conti/Wizard Spider BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER |
2022-12-02
⋅
Palo Alto Networks Unit 42
⋅
Blowing Cobalt Strike Out of the Water With Memory Analysis Cobalt Strike |
2022-11-21
⋅
Malwarebytes
⋅
2022-11-21 Threat Intel Report 404 Keylogger Agent Tesla Formbook Hive Remcos |
2022-11-15
⋅
SOC Prime
⋅
Somnia Malware Detection: UAC-0118 aka FRwL Launches Cyber Attacks Against Organizations in Ukraine Using Enhanced Malware Strains Cobalt Strike Vidar UAC-0118 |
2022-11-09
⋅
Trend Micro
⋅
Hack the Real Box: APT41’s New Subgroup Earth Longzhi Cobalt Strike MimiKatz Earth Longzhi |
2022-11-03
⋅
paloalto Netoworks: Unit42
⋅
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild Cobalt Strike |
2022-11-03
⋅
Group-IB
⋅
Financially motivated, dangerously activated: OPERA1ER APT in Africa Cobalt Strike Common Raven |
2022-11-03
⋅
Github (chronicle)
⋅
GCTI Open Source Detection Signatures Cobalt Strike Sliver |
2022-10-31
⋅
Cynet
⋅
Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware Black Basta Cobalt Strike QakBot |
2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-10-13
⋅
Microsoft
⋅
Hunting for Cobalt Strike: Mining and plotting for fun and profit Cobalt Strike |
2022-10-12
⋅
Trend Micro
⋅
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike Black Basta Brute Ratel C4 Cobalt Strike QakBot |
2022-10-05
⋅
Fortinet
⋅
Excel Document Delivers Multiple Malware by Exploiting CVE-2017-11882 – Part II Formbook RedLine Stealer |
2022-10-03
⋅
Check Point
⋅
Bumblebee: increasing its capacity and evolving its TTPs BumbleBee Cobalt Strike Meterpreter Sliver Vidar |
2022-10-03
⋅
Trend Micro
⋅
Water Labbu Abuses Malicious DApps to Steal Cryptocurrency Cobalt Strike Water Labbu |
2022-09-26
⋅
The DFIR Report
⋅
BumbleBee: Round Two BumbleBee Cobalt Strike Meterpreter |
2022-09-25
⋅
YouTube (Arda Büyükkaya)
⋅
Cobalt Strike Shellcode Loader With Rust (YouTube) Cobalt Strike |
2022-09-19
⋅
Fortinet
⋅
Excel Document Delivers Multiple Malware By Exploiting CVE-2017-11882 – Part I Formbook RedLine Stealer |
2022-09-13
⋅
AdvIntel
⋅
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 Conti Cobalt Strike Emotet Ryuk TrickBot |
2022-09-12
⋅
The DFIR Report
⋅
Dead or Alive? An Emotet Story Cobalt Strike Emotet |
2022-09-07
⋅
Google
⋅
Initial access broker repurposing techniques in targeted attacks against Ukraine AnchorMail Cobalt Strike IcedID |
2022-09-07
⋅
cyble
⋅
Bumblebee Returns With New Infection Technique BumbleBee Cobalt Strike |
2022-09-06
⋅
⋅
INCIBE-CERT
⋅
Estudio del análisis de Nobelium BEATDROP BOOMBOX Cobalt Strike EnvyScout Unidentified 099 (APT29 Dropbox Loader) VaporRage |
2022-09-06
⋅
CISA
⋅
Alert (AA22-249A) #StopRansomware: Vice Society Cobalt Strike Empire Downloader FiveHands HelloKitty SystemBC Zeppelin |
2022-09-06
⋅
Didier Stevens
⋅
An Obfuscated Beacon – Extra XOR Layer Cobalt Strike |
2022-09-06
⋅
cocomelonc
⋅
Malware development tricks: parent PID spoofing. Simple C++ example. Cobalt Strike Konni |
2022-09-01
⋅
Medium michaelkoczwara
⋅
Hunting C2/Adversaries Infrastructure with Shodan and Censys Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver |
2022-09-01
⋅
Trend Micro
⋅
Ransomware Spotlight Black Basta Black Basta Cobalt Strike MimiKatz QakBot |
2022-08-30
⋅
eSentire
⋅
Hacker Infrastructure Used in Cisco Breach Discovered Attacking a Top Workforce Management Corporation & an Affiliate of Russia’s Evil Corp Gang Suspected, Reports eSentire Cobalt Strike FiveHands UNC2447 |
2022-08-29
⋅
⋅
360 netlab
⋅
PureCrypter Loader continues to be active and has spread to more than 10 other families 404 Keylogger Agent Tesla AsyncRAT Formbook RedLine Stealer |
2022-08-25
⋅
SentinelOne
⋅
BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar BlueSky Cobalt Strike JuicyPotato |
2022-08-25
⋅
Expel
⋅
MORE_EGGS and Some LinkedIn Resumé Spearphishing More_eggs |
2022-08-22
⋅
Microsoft
⋅
Extortion Economics - Ransomware’s new business model BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk |
2022-08-19
⋅
nccgroup
⋅
Back in Black: Unlocking a LockBit 3.0 Ransomware Attack FAKEUPDATES Cobalt Strike LockBit |
2022-08-18
⋅
⋅
NSFOCUS
⋅
New APT group MURENSHARK investigative report: Torpedoes hit Turkish Navy Cobalt Strike |
2022-08-18
⋅
Group-IB
⋅
APT41 World Tour 2021 on a tight schedule Cobalt Strike |
2022-08-18
⋅
Sophos
⋅
Cookie stealing: the new perimeter bypass Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT |
2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
2022-08-17
⋅
Cybereason
⋅
Bumblebee Loader – The High Road to Enterprise Domain Control BumbleBee Cobalt Strike |
2022-08-17
⋅
Secureworks
⋅
DarkTortilla Malware Analysis Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer |
2022-08-12
⋅
SANS ISC
⋅
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike Cobalt Strike DarkVNC IcedID |
2022-08-11
⋅
Malcat
⋅
LNK forensic and config extraction of a cobalt strike beacon Cobalt Strike |
2022-08-11
⋅
SecurityScorecard
⋅
The Increase in Ransomware Attacks on Local Governments BlackCat BlackCat Cobalt Strike LockBit |
2022-08-10
⋅
⋅
Weixin
⋅
Operation(верность) mercenary: a torrent of steel trapped in the plains of Eastern Europe BumbleBee Cobalt Strike |
2022-08-08
⋅
Medium CSIS Techblog
⋅
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader |
2022-08-08
⋅
The DFIR Report
⋅
BumbleBee Roasts Its Way to Domain Admin BumbleBee Cobalt Strike |
2022-08-05
⋅
0xIvan
⋅
LokiBot Analysis Loki Password Stealer (PWS) |
2022-08-04
⋅
YouTube (Arda Büyükkaya)
⋅
LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool Cobalt Strike LockBit |
2022-08-04
⋅
ConnectWise
⋅
Formbook and Remcos Backdoor RAT by ConnectWise CRU Formbook Remcos |
2022-08-03
⋅
Palo Alto Networks Unit 42
⋅
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware BazarBackdoor BumbleBee Cobalt Strike Conti |
2022-08-02
⋅
Cisco Talos
⋅
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike Manjusaka Cobalt Strike Manjusaka |
2022-07-30
⋅
Malware AV evasion - part 8. Encode payload via Z85 Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector |
2022-07-28
⋅
SentinelOne
⋅
Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool Cobalt Strike LockBit |
2022-07-27
⋅
ReversingLabs
⋅
Threat analysis: Follina exploit fuels 'live-off-the-land' attacks Cobalt Strike MimiKatz |
2022-07-27
⋅
cyble
⋅
Targeted Attacks Being Carried Out Via DLL SideLoading Cobalt Strike QakBot |
2022-07-27
⋅
Trend Micro
⋅
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike Cobalt Strike GootKit Kronos REvil SunCrypt |
2022-07-25
⋅
⋅
Cert-UA
⋅
Mass distribution of desktops (Formbook, Snake Keylogger) and use of Malware RelicRace/RelicSource as a means of delivery (CERT-UA#5056) 404 Keylogger Formbook RelicRace |
2022-07-22
⋅
Binary Ninja
⋅
Reverse Engineering a Cobalt Strike Dropper With Binary Ninja Cobalt Strike |
2022-07-20
⋅
NVISO Labs
⋅
Analysis of a trojanized jQuery script: GootLoader unleashed GootLoader Cobalt Strike |
2022-07-20
⋅
U.S. Cyber Command
⋅
Cyber National Mission Force discloses IOCs from Ukrainian networks Cobalt Strike GraphSteel GrimPlant MicroBackdoor |
2022-07-20
⋅
Advanced Intelligence
⋅
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion Cobalt Strike |
2022-07-20
⋅
Mandiant
⋅
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities Cobalt Strike GraphSteel GrimPlant MicroBackdoor |
2022-07-19
⋅
Palo Alto Networks Unit 42
⋅
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive Cobalt Strike EnvyScout Gdrive |
2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Obscure Serpens Cobalt Strike Empire Downloader Meterpreter MimiKatz DarkHydrus |
2022-07-18
⋅
Censys
⋅
Russian Ransomware C2 Network Discovered in Censys Data Cobalt Strike DeimosC2 MimiKatz PoshC2 |
2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Mule Libra Carbanak Cobalt |
2022-07-13
⋅
Malwarebytes Labs
⋅
Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign Cobalt Strike |
2022-07-13
⋅
Palo Alto Networks Unit 42
⋅
Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption Cobalt Strike |
2022-07-12
⋅
Cyren
⋅
Example Analysis of Multi-Component Malware Emotet Formbook |
2022-07-11
⋅
⋅
Cert-UA
⋅
UAC-0056 attack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4941) Cobalt Strike |
2022-07-07
⋅
SANS ISC
⋅
Emotet infection with Cobalt Strike Cobalt Strike Emotet |
2022-07-07
⋅
IBM
⋅
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine AnchorMail BumbleBee Cobalt Strike IcedID Meterpreter |
2022-07-06
⋅
⋅
Cert-UA
⋅
UAC-0056 cyberattack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4914) Cobalt Strike |
2022-07-01
⋅
cyble
⋅
Xloader Returns With New Infection Technique Formbook |
2022-06-30
⋅
CYBER GEEKS All Things Infosec
⋅
How to Expose a Potential Cybercriminal due to Misconfigurations Loki Password Stealer (PWS) |
2022-06-30
⋅
Trend Micro
⋅
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit Black Basta Cobalt Strike QakBot |
2022-06-30
⋅
Cyber Geeks (CyberMasterV)
⋅
How to Expose a Potential Cybercriminal due to Misconfigurations Loki Password Stealer (PWS) |
2022-06-28
⋅
Lumen
⋅
ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks ZuoRAT Cobalt Strike |
2022-06-27
⋅
Kaspersky ICS CERT
⋅
Attacks on industrial control systems using ShadowPad Cobalt Strike PlugX ShadowPad |
2022-06-26
⋅
Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022 Cobalt Strike CredoMap EnvyScout |
2022-06-23
⋅
cyble
⋅
Matanbuchus Loader Resurfaces Cobalt Strike Matanbuchus |
2022-06-23
⋅
Secureworks
⋅
BRONZE STARLIGHT Ransomware Operations Use HUI Loader ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT |
2022-06-21
⋅
Cisco Talos
⋅
Avos ransomware group expands with new attack arsenal AvosLocker Cobalt Strike DarkComet MimiKatz |
2022-06-20
⋅
⋅
Cert-UA
⋅
UAC-0098 group cyberattack on critical infrastructure of Ukraine (CERT-UA#4842) Cobalt Strike |
2022-06-17
⋅
SANS ISC
⋅
Malspam pushes Matanbuchus malware, leads to Cobalt Strike Cobalt Strike Matanbuchus |
2022-06-11
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on DEV-0401, DEV-0234 exploiting Confluence RCE CVE-2022-26134 Kinsing Mirai Cobalt Strike Lilac Typhoon |
2022-06-07
⋅
AdvIntel
⋅
BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive BlackCat BlackCat Cobalt Strike |
2022-06-07
⋅
cyble
⋅
Bumblebee Loader on The Rise BumbleBee Cobalt Strike |
2022-06-06
⋅
Trellix
⋅
Growling Bears Make Thunderous Noise Cobalt Strike HermeticWiper WhisperGate NB65 |
2022-06-04
⋅
kienmanowar Blog
⋅
[QuickNote] CobaltStrike SMB Beacon Analysis Cobalt Strike |
2022-06-03
⋅
AttackIQ
⋅
Attack Graph Response to US CERT AA22-152A: Karakurt Data Extortion Group Cobalt Strike MimiKatz |
2022-06-02
⋅
Mandiant
⋅
TRENDING EVIL Q2 2022 CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot |
2022-06-02
⋅
Mandiant
⋅
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker |
2022-06-01
⋅
Elastic
⋅
CUBA Ransomware Campaign Analysis Cobalt Strike Cuba Meterpreter MimiKatz SystemBC |
2022-05-25
⋅
Medium walmartglobaltech
⋅
SocGholish Campaigns and Initial Access Kit FAKEUPDATES Blister Cobalt Strike NetSupportManager RAT |
2022-05-24
⋅
BitSight
⋅
Emotet Botnet Rises Again Cobalt Strike Emotet QakBot SystemBC |
2022-05-24
⋅
The Hacker News
⋅
Malware Analysis: Trickbot Cobalt Strike Conti Ryuk TrickBot |
2022-05-22
⋅
R136a1
⋅
Introduction of a PE file extractor for various situations Cobalt Strike Matanbuchus |
2022-05-20
⋅
sonatype
⋅
New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux Cobalt Strike |
2022-05-20
⋅
Cybleinc
⋅
Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon Cobalt Strike |
2022-05-20
⋅
AhnLab
⋅
Why Remediation Alone Is Not Enough When Infected by Malware Cobalt Strike DarkSide |
2022-05-19
⋅
InfoSec Handlers Diary Blog
⋅
Bumblebee Malware from TransferXL URLs BumbleBee Cobalt Strike |
2022-05-19
⋅
InfoSec Handlers Diary Blog
⋅
Bumblebee Malware from TransferXL URLs BumbleBee Cobalt Strike |
2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord (PureCrypter) Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate |
2022-05-18
⋅
PRODAFT Threat Intelligence
⋅
Wizard Spider In-Depth Analysis Cobalt Strike Conti WIZARD SPIDER |
2022-05-17
⋅
Trend Micro
⋅
Ransomware Spotlight: RansomEXX LaZagne Cobalt Strike IcedID MimiKatz PyXie RansomEXX TrickBot |
2022-05-12
⋅
Intel 471
⋅
What malware to look for if you want to prevent a ransomware attack Conti BumbleBee Cobalt Strike IcedID Sliver |
2022-05-12
⋅
Red Canary
⋅
The Goot cause: Detecting Gootloader and its follow-on activity GootLoader Cobalt Strike |
2022-05-12
⋅
Red Canary
⋅
Gootloader and Cobalt Strike malware analysis GootLoader Cobalt Strike |
2022-05-12
⋅
TEAMT5
⋅
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides) KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu |
2022-05-11
⋅
InfoSec Handlers Diary Blog
⋅
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware BumbleBee Cobalt Strike IcedID PhotoLoader |
2022-05-11
⋅
⋅
NTT
⋅
Operation RestyLink: Targeted attack campaign targeting Japanese companies Cobalt Strike |
2022-05-10
⋅
Marco Ramilli's Blog
⋅
A Malware Analysis in RU-AU conflict Cobalt Strike |
2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
2022-05-09
⋅
cocomelonc
⋅
Malware development: persistence - part 4. Windows services. Simple C++ example. Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu |
2022-05-09
⋅
TEAMT5
⋅
Hiding in Plain Sight: Obscuring C2s by Abusing CDN Services Cobalt Strike |
2022-05-09
⋅
The DFIR Report
⋅
SEO Poisoning – A Gootloader Story GootLoader LaZagne Cobalt Strike GootKit |
2022-05-08
⋅
IronNet
⋅
Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine Cobalt Strike |
2022-05-06
⋅
Twitter (@MsftSecIntel)
⋅
Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity FAKEUPDATES Blister Cobalt Strike LockBit |
2022-05-06
⋅
Palo Alto Networks Unit 42
⋅
Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding Cobalt Strike |
2022-05-06
⋅
The Hacker News
⋅
This New Fileless Malware Hides Shellcode in Windows Event Logs Cobalt Strike |
2022-05-05
⋅
Cisco Talos
⋅
Mustang Panda deploys a new wave of malware targeting Europe Cobalt Strike Meterpreter PlugX PUBLOAD |
2022-05-04
⋅
Kaspersky
⋅
A new secret stash for “fileless” malware Cobalt Strike |
2022-05-04
⋅
Twitter (@felixw3000)
⋅
Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC. Cobalt Strike IcedID PhotoLoader |
2022-05-03
⋅
Recorded Future
⋅
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse Cobalt Strike EnvyScout |
2022-05-03
⋅
Cluster25
⋅
The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet Cobalt Strike IsaacWiper PyXie |
2022-05-03
⋅
Recorded Future
⋅
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse Cobalt Strike |
2022-05-02
⋅
Cisco Talos
⋅
Conti and Hive ransomware operations: Leveraging victim chats for insights Cobalt Strike Conti Hive |
2022-05-02
⋅
⋅
Macnica
⋅
Attack Campaigns that Exploit Shortcuts and ISO Files Cobalt Strike |
2022-04-28
⋅
PWC
⋅
Cyber Threats 2021: A Year in Retrospect (Annex) Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen |
2022-04-28
⋅
Mandiant
⋅
Trello From the Other Side: Tracking APT29 Phishing Campaigns Cobalt Strike |
2022-04-27
⋅
Trendmicro
⋅
IOCs for Earth Berberoka - Windows AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka |
2022-04-27
⋅
⋅
ANSSI
⋅
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
2022-04-27
⋅
Mandiant
⋅
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29 Cobalt Strike Raindrop SUNBURST TEARDROP |
2022-04-27
⋅
Trendmicro
⋅
Operation Gambling Puppet reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka |
2022-04-27
⋅
Sentinel LABS
⋅
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility Cobalt Strike LockBit |
2022-04-27
⋅
Sentinel LABS
⋅
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility Cobalt Strike LockBit BRONZE STARLIGHT |
2022-04-26
⋅
Trend Micro
⋅
How Cybercriminals Abuse Cloud Tunneling Services AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT |
2022-04-26
⋅
Intel 471
⋅
Conti and Emotet: A constantly destructive duo Cobalt Strike Conti Emotet IcedID QakBot TrickBot |
2022-04-25
⋅
The DFIR Report
⋅
Quantum Ransomware Cobalt Strike IcedID |
2022-04-25
⋅
Morphisec
⋅
New Core Impact Backdoor Delivered Via VMware Vulnerability Cobalt Strike JSSLoader |
2022-04-21
⋅
ZeroSec
⋅
Understanding Cobalt Strike Profiles - Updated For Cobalt Strike 4.6 Cobalt Strike |
2022-04-21
⋅
eSentire
⋅
Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire More_eggs TerraLoader VenomLNK |
2022-04-19
⋅
Blake's R&D
⋅
Extracting Cobalt Strike from Windows Error Reporting Cobalt Strike |
2022-04-19
⋅
Varonis
⋅
Hive Ransomware Analysis Cobalt Strike Hive MimiKatz |
2022-04-18
⋅
AdvIntel
⋅
Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group AvosLocker BazarBackdoor BlackByte BlackCat Cobalt Strike HelloKitty Hive |