Responding to a Cobalt Strike attack — Part III
Tags
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 69a38fcf-5619-4fe7-8591-a1bd43948616
Fingerprint b2789f3639a0d45e
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 7, 2021, midnight
Added to db Aug. 31, 2024, 10:50 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Responding to a Cobalt Strike attack — Part III
Title Responding to a Cobalt Strike attack — Part III
Detected Hints/Tags/Attributes 33/1/18
Source URLs
Redirection Url
Details Source https://www.invictus-ir.com/news/responding-to-a-cobalt-strike-attack-part-iii
URL Provider
Details Provider Source level domain
Details invictus-ir.com www.invictus-ir.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 417 Invictus Incident Response blog https://www.invictus-ir.com/news/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 74 
thedfirreport.com
Details Domain 4127 
github.com
Details Domain 47 
go.recordedfuture.com
Details Domain 184 
www.fireeye.com
Details File 1122 
svchost.exe
Details File 5 
cs.exe
Details File 3 
mtp-2021-0914.pdf
Details File 3 
greater_visibilityt.html
Details Github username 4 
te-k
Details Github username 2 
romanemelyanov
Details Github username 2 
michaelkoczwara
Details sha1 1 
18bab8808b10f188f20999b8184755270696ab0f
Details Url 4 
https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide
Details Url 3 
https://github.com/te-k/cobaltstrike
Details Url 2 
https://github.com/romanemelyanov/cobaltstrikeforensic
Details Url 3 
https://go.recordedfuture.com/hubfs/reports/mtp-2021-0914.pdf
Details Url 2 
https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
Details Url 1 
https://github.com/michaelkoczwara/awesome-cobaltstrike-defence