Introducing CS2BR pt. I – How we enabled Brute Ratel Badgers to run Cobalt Strike BOFs
Tags
cmtmf-attack-pattern: Process Injection
attack-pattern: Data Impersonation - T1656 Process Injection - T1631 Python - T1059.006 Tool - T1588.002 Process Injection - T1055 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID 05d91b9c-9fbc-4d58-b3c8-dcd620a9df13
Fingerprint 246836136dc86616
Analysis status DONE
Considered CTI value 0
Text language
Published May 15, 2023, 9 a.m.
Added to db Aug. 13, 2023, 1:14 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Introducing CS2BR pt. I – How we enabled Brute Ratel Badgers to run Cobalt Strike BOFs
Title Introducing CS2BR pt. I – How we enabled Brute Ratel Badgers to run Cobalt Strike BOFs
Detected Hints/Tags/Attributes 33/2/1
Source URLs
Redirection Url
Details Source https://blog.nviso.eu/2023/05/15/introducing-cs2br-pt-i-how-we-enabled-brute-ratel-badgers-to-run-cobalt-strike-bofs/
URL Provider
Details Provider Source level domain
Details nviso.eu blog.nviso.eu
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 43 NVISO Labs https://blog.nviso.eu/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 533 
ntdll.dll