Cobalt Strike Archives - Unit 42

Protect Against Russia-Ukraine Cyber Activity

Conceptual image representing phishing, including the way Bumblebee malware is distributed, as discussed here

63,014

people reacted

Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware

By Brad Duncan
August 3, 2022 at 12:00 PM

5

8 min. read

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

72,102

people reacted

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

By Mike Harbison and Peter Renals
July 19, 2022 at 3:00 AM

33

15 min. read

A conceptual image representing malware and its evasions.

41,465

people reacted

Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption

By Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia and Siddhart Shibiraj
July 13, 2022 at 6:00 AM

9

9 min. read

A conceptual image that represents malware, including the malicious uses of Cobalt Strike and its metadata encoding algorithm covered here.

31,225

people reacted

Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding

By Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia and Siddhart Shibiraj
May 6, 2022 at 12:00 PM

6

9 min. read

Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect

45,961

people reacted

Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect

By Chris Navarrete, Durgesh Sangvikar, Andrew Guan, Yu Fu, Yanhui Jia and Siddhart Shibiraj
March 16, 2022 at 3:00 PM

12

9 min. read

A conceptual image representing malware, such as the BazarLoader windows-based malware discussed here.

52,544

people reacted

Case Study: From BazarLoader to Network Reconnaissance

By Brad Duncan
October 18, 2021 at 6:00 AM

15

7 min. read

A conceptual image representing Wireshark Tutorials.

45,354

people reacted

Wireshark Tutorial: Examining Traffic from Hancitor Infections

By Brad Duncan
April 7, 2021 at 6:00 AM

25

20 min. read

Malicious email, as depicted here, can be the starting point of a chain of events related to Hancitor infections, which have recently been observed distributing Cobalt Strike and using a noisy network ping tool.

41,307

people reacted

Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool

By Brad Duncan
April 1, 2021 at 12:00 PM

15

11 min. read