Cobalt Strike Archives - Unit 42

Conceptual image representing evasive malware such as Cobalt Strike

53,650

people reacted

Blowing Cobalt Strike Out of the Water With Memory Analysis

By Dominik Reichel, Esmid Idrizovic and Bob Jung
December 2, 2022 at 6:00 AM

18

15 min. read

Malware conceptual image, covering topics such as Cobalt Strike Team Server, which can be abused by malware authors for malicious purposes

65,422

people reacted

Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild

By Durgesh Sangvikar, Chris Navarrete, Matthew Tennis, Yanhui Jia, Yu Fu and Siddhart Shibiraj
November 3, 2022 at 6:00 AM

22

9 min. read

Conceptual image representing phishing, including the way Bumblebee malware is distributed, as discussed here

76,457

people reacted

Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware

By Brad Duncan
August 3, 2022 at 12:00 PM

56

8 min. read

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

82,066

people reacted

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

By Mike Harbison and Peter Renals
July 19, 2022 at 3:00 AM

57

15 min. read

A conceptual image representing malware and its evasions.

46,727

people reacted

Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption

By Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia and Siddhart Shibiraj
July 13, 2022 at 6:00 AM

31

9 min. read

A conceptual image that represents malware, including the malicious uses of Cobalt Strike and its metadata encoding algorithm covered here.

36,229

people reacted

Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding

By Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia and Siddhart Shibiraj
May 6, 2022 at 12:00 PM

11

9 min. read

Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect

60,056

people reacted

Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect

By Chris Navarrete, Durgesh Sangvikar, Andrew Guan, Yu Fu, Yanhui Jia and Siddhart Shibiraj
March 16, 2022 at 3:00 PM

17

9 min. read

A conceptual image representing malware, such as the BazarLoader windows-based malware discussed here.

57,012

people reacted

Case Study: From BazarLoader to Network Reconnaissance

By Brad Duncan
October 18, 2021 at 6:00 AM

27

7 min. read

A conceptual image representing Wireshark Tutorials.

53,298

people reacted

Wireshark Tutorial: Examining Traffic from Hancitor Infections

By Brad Duncan
April 7, 2021 at 6:00 AM

46

20 min. read

Malicious email, as depicted here, can be the starting point of a chain of events related to Hancitor infections, which have recently been observed distributing Cobalt Strike and using a noisy network ping tool.

47,903

people reacted

Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool

By Brad Duncan
April 1, 2021 at 12:00 PM

30

11 min. read