Cobalt Strike Activity Update


What is Cobalt Strike?

Cobalt Strike is a platform for conducting offensive cyber operations. Many of the components of this toolset are used every day by researchers as well as threat actors and hackers. Over the next few days we will be posting some new reports in the hope that they help companies protect their networks from this type of activity.

Cobalt Strike is a powerful platform for conducting offensive cyber operations. It contains a wide variety of tools for conducting spear phishing and web drive-by attacks to gain initial access. Through the Artifact Kit, Cobalt Strike also has a flexible obfuscation framework. However, it is in the arena of post-exploitation that Cobalt Strike really shines. It has a custom implant, called Beacon, which can handle command and control (C2) communications via HTTP(S), DNS and even SMB named pipes. Beacon has numerous options for lateral movement, e.g., WMI and psexec, as well as the ability to load PowerShell and .NET assemblies for additional modules such as Mimikatz.

Here is what we are observing today.

Utilizing threat data for good, Jigsaw Security provides the Jigsaw Security threat intelligence platform, which utilizes data from over 2500 sources. Many of the products out there "protecting" networks are inferior at stopping threats. Find out why we have been highly successful at stopping these attacks and get the Jigsaw Security solution in your enterprise for less than the cost of the competition's solutions that continue to allow infections.

IOCS:


#MaliciousActivity


© 2017-2018 Jigsaw Security Enterprise Inc.
