
Blowing Cobalt Strike Out of the Water With Memory Analysis

Cobalt Strike is a clear example of the kind of evasive malware that has been a thorn in the side of detection engines for many years. It is one of the best-known adversary simulation frameworks for red team operations, but it is not only popular among red teams: it is also abused by many threat actors for malicious purposes.

MALWARE FAMILIES: LithiumLoader, KoboldLoader, MagnetLoader, Cobalt Strike

ATT&CK IDS: T1106 - Native API, T1574 - Hijack Execution Flow, T1187 - Forced Authentication, T1055 - Process Injection, T1140 - Deobfuscate/Decode Files or Information, T1566 - Phishing, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1560 - Archive Collected Data, T1027 - Obfuscated Files or Information, T1547 - Boot or Logon Autostart Execution, T1059 - Command and Scripting Interpreter, T1074 - Data Staged, T1036 - Masquerading, T1561 - Disk Wipe, T1030 - Data Transfer Size Limits
