Attackers Exploiting Public Cobalt Strike Profiles

June 26, 2024, 5:57 p.m.

Description

This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Although Cobalt Strike has defensive cybersecurity uses, threat actors continue to exploit its malleable and evasive nature, which poses a significant threat. Palo Alto Networks solutions can help identify and mitigate Cobalt Strike activity across various platforms. The analysis also emphasizes the adaptability of attackers in modifying public profiles to evade detection, highlighting the arms race against evolving threats.

Date

  • Created: June 26, 2024, 5:26 p.m.
  • Published: June 26, 2024, 5:26 p.m.
  • Modified: June 26, 2024, 5:57 p.m.

Indicators


Attack Patterns

Linked vulnerabilities