Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-04-27Sentinel LABSJames Haughom, Júlio Dantas, Jim Walter
@online{haughom:20220427:lockbit:da3d5d1, author = {James Haughom and Júlio Dantas and Jim Walter}, title = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}}, date = {2022-04-27}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/}, language = {English}, urldate = {2022-04-29} } LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit
2022-04-21ZeroSecAndy Gill
@online{gill:20220421:understanding:65e50fe, author = {Andy Gill}, title = {{Understanding Cobalt Strike Profiles - Updated For Cobalt Strike 4.6}}, date = {2022-04-21}, organization = {ZeroSec}, url = {https://blog.zsec.uk/cobalt-strike-profiles/}, language = {English}, urldate = {2022-04-24} } Understanding Cobalt Strike Profiles - Updated For Cobalt Strike 4.6
Cobalt Strike
2022-04-19Blake's R&Dbmcder02
@online{bmcder02:20220419:extracting:3e827cf, author = {bmcder02}, title = {{Extracting Cobalt Strike from Windows Error Reporting}}, date = {2022-04-19}, organization = {Blake's R&D}, url = {https://bmcder.com/blog/extracting-cobalt-strike-from-windows-error-reporting}, language = {English}, urldate = {2022-04-20} } Extracting Cobalt Strike from Windows Error Reporting
Cobalt Strike
2022-03-30Bleeping ComputerBill Toulas
@online{toulas:20220330:phishing:035d666, author = {Bill Toulas}, title = {{Phishing campaign targets Russian govt dissidents with Cobalt Strike}}, date = {2022-03-30}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/phishing-campaign-targets-russian-govt-dissidents-with-cobalt-strike/}, language = {English}, urldate = {2022-03-31} } Phishing campaign targets Russian govt dissidents with Cobalt Strike
Unidentified PS 002 (RAT) Cobalt Strike
2022-03-25nccgroupYun Zheng Hu
@online{hu:20220325:mining:287a2e7, author = {Yun Zheng Hu}, title = {{Mining data from Cobalt Strike beacons}}, date = {2022-03-25}, organization = {nccgroup}, url = {https://research.nccgroup.com/2022/03/25/mining-data-from-cobalt-strike-beacons/}, language = {English}, urldate = {2022-03-28} } Mining data from Cobalt Strike beacons
Cobalt Strike
2022-03-22NVISO LabsDidier Stevens
@online{stevens:20220322:cobalt:fdf35ba, author = {Didier Stevens}, title = {{Cobalt Strike: Overview – Part 7}}, date = {2022-03-22}, organization = {NVISO Labs}, url = {https://blog.nviso.eu/2022/03/22/cobalt-strike-overview-part-7/}, language = {English}, urldate = {2022-03-23} } Cobalt Strike: Overview – Part 7
Cobalt Strike
2022-03-16paloalto Netoworks: Unit42Chris Navarrete, Durgesh Sangvikar, Andrew Guan, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220316:cobalt:015f5df, author = {Chris Navarrete and Durgesh Sangvikar and Andrew Guan and Yu Fu and Yanhui Jia and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect}}, date = {2022-03-16}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2-profile/}, language = {English}, urldate = {2022-03-18} } Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect
Cobalt Strike
2022-03-16SANS ISCBrad Duncan
@online{duncan:20220316:qakbot:7fe703f, author = {Brad Duncan}, title = {{Qakbot infection with Cobalt Strike and VNC activity}}, date = {2022-03-16}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/}, language = {English}, urldate = {2022-03-17} } Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-03-16InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20220316:qakbot:ff11e1e, author = {Brad Duncan}, title = {{Qakbot infection with Cobalt Strike and VNC activity}}, date = {2022-03-16}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/28448}, language = {English}, urldate = {2022-03-17} } Qakbot infection with Cobalt Strike and VNC activity
Cobalt Strike QakBot
2022-03-14Bleeping ComputerBill Toulas
@online{toulas:20220314:fake:c599da1, author = {Bill Toulas}, title = {{Fake antivirus updates used to deploy Cobalt Strike in Ukraine}}, date = {2022-03-14}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/}, language = {English}, urldate = {2022-03-15} } Fake antivirus updates used to deploy Cobalt Strike in Ukraine
Cobalt Strike
2022-03-11Cert-UA
@online{certua:20220311:cyberattack:1e34a52, author = {Cert-UA}, title = {{Cyberattack on Ukrainian state authorities using the Cobalt Strike Beacon (CERT-UA#4145)}}, date = {2022-03-11}, url = {https://cert.gov.ua/article/37704}, language = {Ukrainian}, urldate = {2022-03-14} } Cyberattack on Ukrainian state authorities using the Cobalt Strike Beacon (CERT-UA#4145)
Cobalt Strike
2022-03-04TelsyTelsy
@online{telsy:20220304:legitimate:d46b40c, author = {Telsy}, title = {{Legitimate Sites Used As Cobalt Strike C2s Against Indian Government}}, date = {2022-03-04}, organization = {Telsy}, url = {https://www.telsy.com/legitimate-sites-used-as-cobalt-strike-c2s-against-indian-government/}, language = {English}, urldate = {2022-03-07} } Legitimate Sites Used As Cobalt Strike C2s Against Indian Government
Cobalt Strike
2022-02-22eSentireeSentire Threat Response Unit (TRU)
@online{tru:20220222:icedid:67f870d, author = {eSentire Threat Response Unit (TRU)}, title = {{IcedID to Cobalt Strike In Under 20 Minutes}}, date = {2022-02-22}, organization = {eSentire}, url = {https://www.esentire.com/blog/icedid-to-cobalt-strike-in-under-20-minutes}, language = {English}, urldate = {2022-05-23} } IcedID to Cobalt Strike In Under 20 Minutes
Cobalt Strike IcedID PhotoLoader
2022-02-22Bleeping ComputerBill Toulas
@online{toulas:20220222:vulnerable:80109eb, author = {Bill Toulas}, title = {{Vulnerable Microsoft SQL Servers targeted with Cobalt Strike}}, date = {2022-02-22}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/vulnerable-microsoft-sql-servers-targeted-with-cobalt-strike/}, language = {English}, urldate = {2022-02-26} } Vulnerable Microsoft SQL Servers targeted with Cobalt Strike
Cobalt Strike Kingminer Lemon Duck
2022-02-21ASEC
@online{asec:20220221:cobalt:82a24d8, author = {ASEC}, title = {{Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers}}, date = {2022-02-21}, url = {https://asec.ahnlab.com/en/31811/}, language = {English}, urldate = {2022-02-26} } Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers
Cobalt Strike Lemon Duck
2022-02-20Medium SOCFortressSOCFortress
@online{socfortress:20220220:detecting:5d28c28, author = {SOCFortress}, title = {{Detecting Cobalt Strike Beacons}}, date = {2022-02-20}, organization = {Medium SOCFortress}, url = {https://socfortress.medium.com/detecting-cobalt-strike-beacons-3f8c9fdcb654}, language = {English}, urldate = {2022-02-26} } Detecting Cobalt Strike Beacons
Cobalt Strike
2022-02-18Huntress LabsMatthew Brennan
@online{brennan:20220218:hackers:243d8b8, author = {Matthew Brennan}, title = {{Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection}}, date = {2022-02-18}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection}, language = {English}, urldate = {2022-02-26} } Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
Cobalt Strike
2022-02-16Security OnionDoug Burks
@online{burks:20220216:quick:e515983, author = {Doug Burks}, title = {{Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08}}, date = {2022-02-16}, organization = {Security Onion}, url = {https://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html}, language = {English}, urldate = {2022-02-17} } Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08
Cobalt Strike Emotet
2022-02-15eSentireeSentire Threat Response Unit (TRU)
@online{tru:20220215:increase:a4de9ce, author = {eSentire Threat Response Unit (TRU)}, title = {{Increase in Emotet Activity and Cobalt Strike Deployment}}, date = {2022-02-15}, organization = {eSentire}, url = {https://www.esentire.com/blog/increase-in-emotet-activity-and-cobalt-strike-deployment}, language = {English}, urldate = {2022-05-23} } Increase in Emotet Activity and Cobalt Strike Deployment
Cobalt Strike Emotet
2022-02-10CybereasonCybereason Global SOC Team
@online{team:20220210:threat:320574f, author = {Cybereason Global SOC Team}, title = {{Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot}}, date = {2022-02-10}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-all-paths-lead-to-cobalt-strike-icedid-emotet-and-qbot}, language = {English}, urldate = {2022-02-10} } Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot
Cobalt Strike Emotet IcedID QakBot