Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-24The DFIR ReportThe DFIR Report
@online{report:20220124:cobalt:b0b48ee, author = {The DFIR Report}, title = {{Cobalt Strike, a Defender’s Guide – Part 2}}, date = {2022-01-24}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/}, language = {English}, urldate = {2022-01-25} } Cobalt Strike, a Defender’s Guide – Part 2
Cobalt Strike
2022-01-19ElasticDerek Ditch, Daniel Stepanic, Andrew Pease, Seth Goodwin
@online{ditch:20220119:extracting:39bd5e5, author = {Derek Ditch and Daniel Stepanic and Andrew Pease and Seth Goodwin}, title = {{Extracting Cobalt Strike Beacon Configurations}}, date = {2022-01-19}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/01/03.extracting-cobalt-strike-beacon/article/}, language = {English}, urldate = {2022-01-25} } Extracting Cobalt Strike Beacon Configurations
Cobalt Strike
2022-01-19ElasticDerek Ditch, Daniel Stepanic, Andrew Pease, Seth Goodwin
@online{ditch:20220119:collecting:696e5d0, author = {Derek Ditch and Daniel Stepanic and Andrew Pease and Seth Goodwin}, title = {{Collecting Cobalt Strike Beacons with the Elastic Stack}}, date = {2022-01-19}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/01/02.collecting-cobalt-strike-beacons/article/}, language = {English}, urldate = {2022-01-25} } Collecting Cobalt Strike Beacons with the Elastic Stack
Cobalt Strike
2022-01-19SophosColin Cowie, Mat Gangwer, Stan Andic, Sophos MTR Team
@online{cowie:20220119:zloader:e87c22c, author = {Colin Cowie and Mat Gangwer and Stan Andic and Sophos MTR Team}, title = {{Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike}}, date = {2022-01-19}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/}, language = {English}, urldate = {2022-01-25} } Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
Cobalt Strike Zloader
2022-01-16forensicitguyTony Lambert
@online{lambert:20220116:analyzing:2c8a9db, author = {Tony Lambert}, title = {{Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike}}, date = {2022-01-16}, organization = {forensicitguy}, url = {https://forensicitguy.github.io/analyzing-cactustorch-hta-cobaltstrike/}, language = {English}, urldate = {2022-01-25} } Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike
CACTUSTORCH Cobalt Strike
2022-01-15Huntress LabsTeam Huntress
@online{huntress:20220115:threat:cb103f0, author = {Team Huntress}, title = {{Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)}}, date = {2022-01-15}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike}, language = {English}, urldate = {2022-03-07} } Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)
Cobalt Strike
2022-01-11CybereasonOmri Refaeli, Chen Erlich, Ofir Ozer, Niv Yona, Daichi Shimabukuro
@online{refaeli:20220111:threat:fd22089, author = {Omri Refaeli and Chen Erlich and Ofir Ozer and Niv Yona and Daichi Shimabukuro}, title = {{Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike}}, date = {2022-01-11}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-datoploader-exploits-proxyshell-to-deliver-qbot-and-cobalt-strike}, language = {English}, urldate = {2022-01-18} } Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2022-01-09forensicitguyTony Lambert
@online{lambert:20220109:inspecting:4681f0a, author = {Tony Lambert}, title = {{Inspecting a PowerShell Cobalt Strike Beacon}}, date = {2022-01-09}, organization = {forensicitguy}, url = {https://forensicitguy.github.io/inspecting-powershell-cobalt-strike-beacon/}, language = {English}, urldate = {2022-01-25} } Inspecting a PowerShell Cobalt Strike Beacon
Cobalt Strike
2021-12-29Blake's R&DBlake
@online{blake:20211229:cobalt:b8c08bb, author = {Blake}, title = {{Cobalt Strike DFIR: Listening to the Pipes}}, date = {2021-12-29}, organization = {Blake's R&D}, url = {https://bmcder.com/blog/cobalt-strike-dfir-listening-to-the-pipes}, language = {English}, urldate = {2021-12-31} } Cobalt Strike DFIR: Listening to the Pipes
Cobalt Strike
2021-12-28Morphus LabsRenato Marinho
@online{marinho:20211228:attackers:48320eb, author = {Renato Marinho}, title = {{Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons}}, date = {2021-12-28}, organization = {Morphus Labs}, url = {https://morphuslabs.com/attackers-are-abusing-msbuild-to-evade-defenses-and-implant-cobalt-strike-beacons-edac4ab84f42}, language = {English}, urldate = {2021-12-31} } Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons
Cobalt Strike
2021-12-07Bleeping ComputerLawrence Abrams
@online{abrams:20211207:emotet:f33c999, author = {Lawrence Abrams}, title = {{Emotet now drops Cobalt Strike, fast forwards ransomware attacks}}, date = {2021-12-07}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/}, language = {English}, urldate = {2021-12-08} } Emotet now drops Cobalt Strike, fast forwards ransomware attacks
Cobalt Strike Emotet
2021-11-17nvisoDidier Stevens
@online{stevens:20211117:cobalt:0b6ecf5, author = {Didier Stevens}, title = {{Cobalt Strike: Decrypting Obfuscated Traffic – Part 4}}, date = {2021-11-17}, organization = {nviso}, url = {https://blog.nviso.eu/2021/11/17/cobalt-strike-decrypting-obfuscated-traffic-part-4/}, language = {English}, urldate = {2021-11-18} } Cobalt Strike: Decrypting Obfuscated Traffic – Part 4
Cobalt Strike
2021-11-17Black Hills Information SecurityKyle Avery
@online{avery:20211117:dns:847b573, author = {Kyle Avery}, title = {{DNS Over HTTPS for Cobalt Strike}}, date = {2021-11-17}, organization = {Black Hills Information Security}, url = {https://www.blackhillsinfosec.com/dns-over-https-for-cobalt-strike/}, language = {English}, urldate = {2022-02-19} } DNS Over HTTPS for Cobalt Strike
Cobalt Strike
2021-11-16CiscoChetan Raghuprasad, Vanja Svajcer, Asheer Malhotra
@online{raghuprasad:20211116:attackers:c31ad77, author = {Chetan Raghuprasad and Vanja Svajcer and Asheer Malhotra}, title = {{Attackers use domain fronting technique to target Myanmar with Cobalt Strike}}, date = {2021-11-16}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html}, language = {English}, urldate = {2021-11-17} } Attackers use domain fronting technique to target Myanmar with Cobalt Strike
Cobalt Strike
2021-11-03nvisoDidier Stevens
@online{stevens:20211103:cobalt:8f8223d, author = {Didier Stevens}, title = {{Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3}}, date = {2021-11-03}, organization = {nviso}, url = {https://blog.nviso.eu/2021/11/03/cobalt-strike-using-process-memory-to-decrypt-traffic-part-3/}, language = {English}, urldate = {2021-11-08} } Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3
Cobalt Strike
2021-11-02boschko.ca blogOlivier Laflamme
@online{laflamme:20211102:cobalt:d09aa11, author = {Olivier Laflamme}, title = {{Cobalt Strike Process Injection}}, date = {2021-11-02}, organization = {boschko.ca blog}, url = {https://boschko.ca/cobalt-strike-process-injection/}, language = {English}, urldate = {2021-11-29} } Cobalt Strike Process Injection
Cobalt Strike
2021-10-27nvisoDidier Stevens
@online{stevens:20211027:cobalt:b91181a, author = {Didier Stevens}, title = {{Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2}}, date = {2021-10-27}, organization = {nviso}, url = {https://blog.nviso.eu/2021/10/27/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-2/}, language = {English}, urldate = {2021-11-03} } Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2
Cobalt Strike
2021-10-26Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Mavis
@online{brumaghin:20211026:squirrelwaffle:88c5943, author = {Edmund Brumaghin and Mariano Graziano and Nick Mavis}, title = {{SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike}}, date = {2021-10-26}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/10/squirrelwaffle-emerges.html}, language = {English}, urldate = {2021-11-02} } SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2021-10-21nvisoDidier Stevens
@online{stevens:20211021:cobalt:bfc8702, author = {Didier Stevens}, title = {{Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1}}, date = {2021-10-21}, organization = {nviso}, url = {https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/}, language = {English}, urldate = {2021-10-26} } Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1
Cobalt Strike
2021-10-13BlackberryBlackBerry Research & Intelligence Team
@online{team:20211013:blackberry:9892a2c, author = {BlackBerry Research & Intelligence Team}, title = {{BlackBerry Shines Spotlight on Evolving Cobalt Strike Threat in New Book}}, date = {2021-10-13}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/10/blackberry-shines-spotlight-on-evolving-cobalt-strike-threat-in-new-book}, language = {English}, urldate = {2022-04-25} } BlackBerry Shines Spotlight on Evolving Cobalt Strike Threat in New Book
Cobalt Strike