Attackers Exploiting Public Cobalt Strike Profiles
June 26, 2024, 5:57 p.m.
Description
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Although Cobalt Strike has defensive cybersecurity uses, threat actors continue to exploit its malleable and evasive nature, which poses a significant threat. Palo Alto Networks solutions can help identify and mitigate Cobalt Strike activity across various platforms. The analysis also emphasizes how attackers adapt by modifying public profiles to evade detection, highlighting the arms race against evolving threats.
Date
Published: June 26, 2024, 5:26 p.m.
Created: June 26, 2024, 5:26 p.m.
Modified: June 26, 2024, 5:57 p.m.
Indicators
Attack Patterns
Cobalt Strike - S0154
T1076
T1189
T1021
T1486
T1559
T1105
T1083
T1071
T1543
T1569
T1219
T1204
T1027
T1485
T1195
T1190
T1059
CVE-2024-3400