CobaltStrike3

Cobalt Strike beacon @config YAML parser. Double IsDebuggerPresent. Malleable C2 profile. Every APT group uses it.

Threat Profile
Type: C2 Framework
Programming Language: C/C++
C2 Protocol: HTTP/DNS
First Seen: 2012
Targets: Enterprise
Purpose / Capabilities
  • C2 Framework + RAT
No C2 servers have been identified for this family yet.

Research Reports (2)

High

Cobalt Strike -- @config @key-not-found YAML/TOML Parser Errors, Double IsDebuggerPresent | High

Cobalt Strike 775KB beacon. @config @key not found @string literal @unsupported method YAML TOML parser. Double IsDebuggerPresent.

Critical

Cobalt Strike -- 775KB, mevblocker.io Ethereum RPC C2, SetHandleInformation Anti-Debug | Critical

Cobalt Strike 775KB. mevblocker.io (ETH RPC) C2 channel. SetHandleInformation. IsDebuggerPresent.
