Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-08-04YouTube (Arda Büyükkaya)Arda Büyükkaya
@online{bykkaya:20220804:lockbit:15879e8, author = {Arda Büyükkaya}, title = {{LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool}}, date = {2022-08-04}, organization = {YouTube (Arda Büyükkaya)}, url = {https://www.youtube.com/watch?v=C733AyPzkoc}, language = {English}, urldate = {2022-08-08} } LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit
2022-08-02Cisco TalosAsheer Malhotra, Vitor Ventura
@online{malhotra:20220802:manjusaka:706c14a, author = {Asheer Malhotra and Vitor Ventura}, title = {{Manjusaka: A Chinese sibling of Sliver and Cobalt Strike}}, date = {2022-08-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html}, language = {English}, urldate = {2022-08-02} } Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka Cobalt Strike Manjusaka
2022-07-28SentinelOneJúlio Dantas, James Haughom, Julien Reisdorffer
@online{dantas:20220728:living:3cc6f4f, author = {Júlio Dantas and James Haughom and Julien Reisdorffer}, title = {{Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool}}, date = {2022-07-28}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/}, language = {English}, urldate = {2022-08-01} } Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit
2022-07-27Trend MicroBuddy Tancio, Jed Valderama
@online{tancio:20220727:gootkit:f1c63fa, author = {Buddy Tancio and Jed Valderama}, title = {{Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike}}, date = {2022-07-27}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html}, language = {English}, urldate = {2022-07-29} } Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike
Cobalt Strike GootKit Kronos REvil SunCrypt
2022-07-27SANS ISCBrad Duncan
@online{duncan:20220727:icedid:839e33a, author = {Brad Duncan}, title = {{IcedID (Bokbot) with Dark VNC and Cobalt Strike}}, date = {2022-07-27}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/IcedID+%28Bokbot%29+with+Dark+VNC+and+Cobalt+Strike/28884}, language = {English}, urldate = {2022-07-28} } IcedID (Bokbot) with Dark VNC and Cobalt Strike
DarkVNC IcedID
2022-07-22Binary NinjaXusheng Li
@online{li:20220722:reverse:3fa4adf, author = {Xusheng Li}, title = {{Reverse Engineering a Cobalt Strike Dropper With Binary Ninja}}, date = {2022-07-22}, organization = {Binary Ninja}, url = {https://binary.ninja/2022/07/22/reverse-engineering-cobalt-strike.html}, language = {English}, urldate = {2022-07-25} } Reverse Engineering a Cobalt Strike Dropper With Binary Ninja
Cobalt Strike
2022-07-13Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220713:cobalt:dd907c3, author = {Chris Navarrete and Durgesh Sangvikar and Yu Fu and Yanhui Jia and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption}}, date = {2022-07-13}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encryption-decryption/}, language = {English}, urldate = {2022-07-15} } Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption
Cobalt Strike
2022-07-13Malwarebytes LabsRoberto Santos, Hossein Jazi
@online{santos:20220713:cobalt:5d47ba1, author = {Roberto Santos and Hossein Jazi}, title = {{Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign}}, date = {2022-07-13}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/07/cobalt-strikes-again-uac-0056-continues-to-target-ukraine-in-its-latest-campaign/}, language = {English}, urldate = {2022-07-14} } Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign
Cobalt Strike
2022-07-11Cert-UACert-UA
@online{certua:20220711:uac0056:f690298, author = {Cert-UA}, title = {{UAC-0056 attack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4941)}}, date = {2022-07-11}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/703548}, language = {Ukrainian}, urldate = {2022-07-15} } UAC-0056 attack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4941)
Cobalt Strike
2022-07-07SANS ISCBrad Duncan
@online{duncan:20220707:emotet:3732ca7, author = {Brad Duncan}, title = {{Emotet infection with Cobalt Strike}}, date = {2022-07-07}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Emotet%20infection%20with%20Cobalt%20Strike/28824/}, language = {English}, urldate = {2022-07-12} } Emotet infection with Cobalt Strike
Cobalt Strike Emotet
2022-07-06Cert-UACert-UA
@online{certua:20220706:uac0056:af030ea, author = {Cert-UA}, title = {{UAC-0056 cyberattack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4914)}}, date = {2022-07-06}, organization = {Cert-UA}, url = {https://cert.gov.ua/article/619229}, language = {Ukrainian}, urldate = {2022-07-15} } UAC-0056 cyberattack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4914)
Cobalt Strike
2022-06-17SANS ISCBrad Duncan
@online{duncan:20220617:malspam:25c76a4, author = {Brad Duncan}, title = {{Malspam pushes Matanbuchus malware, leads to Cobalt Strike}}, date = {2022-06-17}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28752}, language = {English}, urldate = {2022-06-22} } Malspam pushes Matanbuchus malware, leads to Cobalt Strike
Cobalt Strike Matanbuchus
2022-05-20sonatypeAx Sharma
@online{sharma:20220520:new:15b8bf7, author = {Ax Sharma}, title = {{New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux}}, date = {2022-05-20}, organization = {sonatype}, url = {https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux}, language = {English}, urldate = {2022-05-24} } New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux
Cobalt Strike
2022-05-12Red CanaryTony Lambert, Lauren Podber
@techreport{lambert:20220512:gootloader:4562030, author = {Tony Lambert and Lauren Podber}, title = {{Gootloader and Cobalt Strike malware analysis}}, date = {2022-05-12}, institution = {Red Canary}, url = {https://redcanary.com/wp-content/uploads/2022/05/Gootloader.pdf}, language = {English}, urldate = {2022-05-13} } Gootloader and Cobalt Strike malware analysis
GootLoader Cobalt Strike
2022-05-08IronNetMichael Leardi, Joey Fitzpatrick, Brent Eskridge
@online{leardi:20220508:tracking:8f52310, author = {Michael Leardi and Joey Fitzpatrick and Brent Eskridge}, title = {{Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine}}, date = {2022-05-08}, organization = {IronNet}, url = {https://www.ironnet.com/blog/tracking-cobalt-strike-servers-used-in-cyberattacks-on-ukraine}, language = {English}, urldate = {2022-05-09} } Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine
Cobalt Strike
2022-05-06Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220506:cobalt:8248108, author = {Chris Navarrete and Durgesh Sangvikar and Yu Fu and Yanhui Jia and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding}}, date = {2022-05-06}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encoding-decoding/}, language = {English}, urldate = {2022-05-09} } Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding
Cobalt Strike
2022-05-04Twitter (@felixw3000)Felix
@online{felix:20220504:twitter:0fb7e35, author = {Felix}, title = {{Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.}}, date = {2022-05-04}, organization = {Twitter (@felixw3000)}, url = {https://twitter.com/felixw3000/status/1521816045769662468}, language = {English}, urldate = {2022-05-09} } Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.
Cobalt Strike IcedID PhotoLoader
2022-04-27Sentinel LABSJames Haughom, Júlio Dantas, Jim Walter
@online{haughom:20220427:lockbit:f0328ef, author = {James Haughom and Júlio Dantas and Jim Walter}, title = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}}, date = {2022-04-27}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility}, language = {English}, urldate = {2022-07-25} } LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit BRONZE STARLIGHT
2022-04-27Sentinel LABSJames Haughom, Júlio Dantas, Jim Walter
@online{haughom:20220427:lockbit:da3d5d1, author = {James Haughom and Júlio Dantas and Jim Walter}, title = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}}, date = {2022-04-27}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/}, language = {English}, urldate = {2022-04-29} } LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit
2022-04-21ZeroSecAndy Gill
@online{gill:20220421:understanding:65e50fe, author = {Andy Gill}, title = {{Understanding Cobalt Strike Profiles - Updated For Cobalt Strike 4.6}}, date = {2022-04-21}, organization = {ZeroSec}, url = {https://blog.zsec.uk/cobalt-strike-profiles/}, language = {English}, urldate = {2022-04-24} } Understanding Cobalt Strike Profiles - Updated For Cobalt Strike 4.6
Cobalt Strike