Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-11-20F-Secure LabsRiccardo Ancarani
@online{ancarani:20201120:detecting:79afa40, author = {Riccardo Ancarani}, title = {{Detecting Cobalt Strike Default Modules via Named Pipe Analysis}}, date = {2020-11-20}, organization = {F-Secure Labs}, url = {https://labs.f-secure.com/blog/detecting-cobalt-strike-default-modules-via-named-pipe-analysis}, language = {English}, urldate = {2020-11-23} } Detecting Cobalt Strike Default Modules via Named Pipe Analysis
Cobalt Strike
2020-11-09Bleeping ComputerIonut Ilascu
@online{ilascu:20201109:fake:c6dd7b3, author = {Ionut Ilascu}, title = {{Fake Microsoft Teams updates lead to Cobalt Strike deployment}}, date = {2020-11-09}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/}, language = {English}, urldate = {2020-11-11} } Fake Microsoft Teams updates lead to Cobalt Strike deployment
Cobalt Strike DoppelPaymer NjRAT Predator The Thief Zloader
2020-11-06Advanced IntelligenceVitali Kremez
@online{kremez:20201106:anatomy:b2ce3ae, author = {Vitali Kremez}, title = {{Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike}}, date = {2020-11-06}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/anatomy-of-attack-inside-bazarbackdoor-to-ryuk-ransomware-one-group-via-cobalt-strike}, language = {English}, urldate = {2020-11-09} } Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike
BazarBackdoor Cobalt Strike Ryuk
2020-11-06Cobalt StrikeRaphael Mudge
@online{mudge:20201106:cobalt:05fe8fc, author = {Raphael Mudge}, title = {{Cobalt Strike 4.2 – Everything but the kitchen sink}}, date = {2020-11-06}, organization = {Cobalt Strike}, url = {https://blog.cobaltstrike.com/2020/11/06/cobalt-strike-4-2-everything-but-the-kitchen-sink/}, language = {English}, urldate = {2020-11-09} } Cobalt Strike 4.2 – Everything but the kitchen sink
Cobalt Strike
2020-11-03InfoSec Handlers Diary BlogRenato Marinho
@online{marinho:20201103:attackers:9b3762b, author = {Renato Marinho}, title = {{Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike}}, date = {2020-11-03}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26752}, language = {English}, urldate = {2020-11-06} } Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
Cobalt Strike
2020-09-21Cisco TalosNick Mavis, Joe Marshall, JON MUNSHAW
@techreport{mavis:20200921:art:d9702a4, author = {Nick Mavis and Joe Marshall and JON MUNSHAW}, title = {{The art and science of detecting Cobalt Strike}}, date = {2020-09-21}, institution = {Cisco Talos}, url = {https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf}, language = {English}, urldate = {2020-09-23} } The art and science of detecting Cobalt Strike
Cobalt Strike
2020-07-22On the HuntNewton Paul
@online{paul:20200722:analysing:2de83d7, author = {Newton Paul}, title = {{Analysing Fileless Malware: Cobalt Strike Beacon}}, date = {2020-07-22}, organization = {On the Hunt}, url = {https://newtonpaul.com/analysing-fileless-malware-cobalt-strike-beacon/}, language = {English}, urldate = {2020-07-24} } Analysing Fileless Malware: Cobalt Strike Beacon
Cobalt Strike
2020-07-07MWLabLadislav Bačo
@online{bao:20200707:cobalt:cf80aa8, author = {Ladislav Bačo}, title = {{Cobalt Strike stagers used by FIN6}}, date = {2020-07-07}, organization = {MWLab}, url = {https://malwarelab.eu/posts/fin6-cobalt-strike/}, language = {English}, urldate = {2020-07-11} } Cobalt Strike stagers used by FIN6
Cobalt Strike
2020-06-23SymantecCritical Attack Discovery and Intelligence Team
@online{team:20200623:sodinokibi:7eff193, author = {Critical Attack Discovery and Intelligence Team}, title = {{Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike}}, date = {2020-06-23}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sodinokibi-ransomware-cobalt-strike-pos}, language = {English}, urldate = {2020-06-23} } Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike
Cobalt Strike REvil
2020-06-22Sentinel LABSJoshua Platt, Jason Reaves
@online{platt:20200622:inside:b381dd5, author = {Joshua Platt and Jason Reaves}, title = {{Inside a TrickBot Cobalt Strike Attack Server}}, date = {2020-06-22}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/inside-a-trickbot-cobaltstrike-attack-server/}, language = {English}, urldate = {2020-06-23} } Inside a TrickBot Cobalt Strike Attack Server
Cobalt Strike TrickBot
2020-06-22Talos IntelligenceAsheer Malhotra
@online{malhotra:20200622:indigodrop:6d5e7e1, author = {Asheer Malhotra}, title = {{IndigoDrop spreads via military-themed lures to deliver Cobalt Strike}}, date = {2020-06-22}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html}, language = {English}, urldate = {2020-06-24} } IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
Cobalt Strike IndigoDrop
2020-06-17MalwarebytesHossein Jazi, Jérôme Segura
@online{jazi:20200617:multistage:6358f3f, author = {Hossein Jazi and Jérôme Segura}, title = {{Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature}}, date = {2020-06-17}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/06/multi-stage-apt-attack-drops-cobalt-strike-using-malleable-c2-feature/}, language = {English}, urldate = {2020-06-19} } Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
Cobalt Strike
2020-06-15NCC GroupExploit Development Group
@online{group:20200615:striking:8fdf4bb, author = {Exploit Development Group}, title = {{Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability}}, date = {2020-06-15}, organization = {NCC Group}, url = {https://research.nccgroup.com/2020/06/15/striking-back-at-retired-cobalt-strike-a-look-at-a-legacy-vulnerability/}, language = {English}, urldate = {2020-06-16} } Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
Cobalt Strike
2020-03-04Cobalt StrikeRaphael Mudge
@online{mudge:20200304:cobalt:176b61e, author = {Raphael Mudge}, title = {{Cobalt Strike joins Core Impact at HelpSystems, LLC}}, date = {2020-03-04}, organization = {Cobalt Strike}, url = {https://blog.cobaltstrike.com/2020/03/04/cobalt-strike-joins-core-impact-at-helpsystems-llc/}, language = {English}, urldate = {2020-03-04} } Cobalt Strike joins Core Impact at HelpSystems, LLC
Cobalt Strike
2019-12-05Raphael Mudge
@online{mudge:20191205:cobalt:219044e, author = {Raphael Mudge}, title = {{Cobalt Strike 4.0 – Bring Your Own Weaponization}}, date = {2019-12-05}, url = {https://blog.cobaltstrike.com/}, language = {English}, urldate = {2019-12-06} } Cobalt Strike 4.0 – Bring Your Own Weaponization
Cobalt Strike
2019-04-15PenTestPartnersNeil Lines
@online{lines:20190415:cobalt:7b3c086, author = {Neil Lines}, title = {{Cobalt Strike. Walkthrough for Red Teamers}}, date = {2019-04-15}, organization = {PenTestPartners}, url = {https://www.pentestpartners.com/security-blog/cobalt-strike-walkthrough-for-red-teamers/}, language = {English}, urldate = {2019-12-17} } Cobalt Strike. Walkthrough for Red Teamers
Cobalt Strike
2019-02-26Fox-ITFox IT
@online{it:20190226:identifying:689104d, author = {Fox IT}, title = {{Identifying Cobalt Strike team servers in the wild}}, date = {2019-02-26}, organization = {Fox-IT}, url = {https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/}, language = {English}, urldate = {2020-10-25} } Identifying Cobalt Strike team servers in the wild
Cobalt Strike
2018-08-03JPCERT/CCTakuya Endo, Yukako Uchida
@online{endo:20180803:volatility:4597ce0, author = {Takuya Endo and Yukako Uchida}, title = {{Volatility Plugin for Detecting Cobalt Strike Beacon}}, date = {2018-08-03}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html}, language = {English}, urldate = {2019-07-11} } Volatility Plugin for Detecting Cobalt Strike Beacon
Cobalt Strike
2017-11-28RiskIQYonathan Klijnsma
@online{klijnsma:20171128:gaffe:7c5097a, author = {Yonathan Klijnsma}, title = {{Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions}}, date = {2017-11-28}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/labs/cobalt-strike/}, language = {English}, urldate = {2020-01-13} } Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions
Cobalt
2017-11-20Trend MicroRonnie Giagone, Lenart Bermejo, Fyodor Yarochkin
@online{giagone:20171120:cobalt:fb5c2ed, author = {Ronnie Giagone and Lenart Bermejo and Fyodor Yarochkin}, title = {{Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks}}, date = {2017-11-20}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/}, language = {English}, urldate = {2019-10-29} } Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
More_eggs Cobalt