Malware spammers aim to leverage Kaseya ransomware drama in email campaign

First came the ransomware rampage stemming from the breach of Miami-based software firm Kaseya. Now comes a wave of malicious emails seeking to capitalize on the rush to find a fix. Security vendor Malwarebytes highlighted the malware spam campaign Tuesday, describing how unidentified attackers send “malspam” messages with both a URL and a file that purports to be a Microsoft update for the Kaseya VSA vulnerability. Clicking on the link, or on “SecurityUpdates.exe,” drops Cobalt Strike on a victim. Cybercriminals have increasingly leveraged that security testing tool for attacks, according to recent research. It’s another example of how cyberattacks can have long tails after their initial infections. The zero-day vulnerability that the ransomware gang REvil apparently used to infiltrate Kaseya systems turned into a way for intruders to access the systems of Kaseya’s managed service provider customers, who provide IT services to a wider range of potential victims. It has turned […]

The post Malware spammers aim to leverage Kaseya ransomware drama in email campaign appeared first on CyberScoop.

Create listeners with an aggressor script – listener_create_ext

This short post is a follow-up to the post “Manage Cobalt Strike with Services,” where I described a method to automate Cobalt Strike teamservers by creating services. In this post, I will take a closer look at the aggressor function that is used to create listeners, listener_create_ext, to expand on the documentation and provide an […]

The post Create listeners with an aggressor script – listener_create_ext appeared first on Cobalt Strike Research and Development.

Cybercriminals are deploying legit security tools far more than before, researchers conclude

Financially motivated cybercriminals are increasingly turning to Cobalt Strike, a legitimate tool that cybersecurity professionals use to test system security, researchers at Proofpoint found. The cybersecurity firm declined to disclose specific numbers but reported a 161% increase in attacks using Cobalt Strike in 2020 compared to 2019. Proofpoint researchers have already seen tens of thousands of organizations targeted by the tool this year and expect those numbers to climb in 2021, according to the report the firm released Tuesday. Threat groups are able to get hold of the tool from pirated versions circulating on the dark web, according to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint. Cobalt Strike is a popular tool for security testing because of the variety of attacks it enables. Most notable among them is Cobalt Strike Beacon, a malware that allows hackers to mask their activity and communications with a system once it’s infiltrated. Russian hackers […]

The post Cybercriminals are deploying legit security tools far more than before, researchers conclude appeared first on CyberScoop.

Manage Cobalt Strike with Services

This post is part of a “Quality of Life” series, where tips and tricks will be shared to make using Cobalt Strike easier. Cobalt Strike is a post-exploitation framework and requires customization to meet your specific needs. This flexibility is one of the most powerful features of Cobalt Strike. While this is great, some may […]

The post Manage Cobalt Strike with Services appeared first on Cobalt Strike Research and Development.

Detecting Cobalt Strike and Hancitor traffic in PCAP

This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you’re going: 😱 OMG he’s analyzing Windows malware on a Windows PC!!! Relax, I know what I’m doing. I have al…

There’s a New Deputy in Town

It’s been less than a month since I joined the Cobalt Strike team. My first impressions of this team have been overwhelmingly positive. As Raphael transitioned out, he left us with a message: “Cobalt Strike is in good hands.” I couldn’t agree more. What can you expect from me? I’m here to provide input and […]

The post There’s a New Deputy in Town appeared first on Cobalt Strike Research and Development.

Gootloader exploits websites via SEO to spread ransomware, trojans

By Deeba Ahmed
Researchers have warned that Gootloader campaigns generally target users in the US, Germany, France, and South Korea.
This is a post from HackRead.com.

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.