Cobalt Strike and Tradecraft
Tags
attack-pattern: Credentials - T1589.001 Dcsync - T1003.006 Powershell - T1059.001 Ssh - T1021.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 8762cf04-85b5-4e27-adb8-c32d53f3076c
Fingerprint 77388fb7098c9e96
Analysis status DONE
Considered CTI value 0
Text language
Published July 26, 2021, 10:46 a.m.
Added to db Jan. 18, 2023, 9:45 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline hausec
Title Cobalt Strike and Tradecraft
Detected Hints/Tags/Attributes 33/1/8
Source URLs
Redirection Url
Details Source https://hausec.com/2021/07/26/cobalt-strike-and-tradecraft/
URL Provider
Details Provider Source level domain
Details hausec.com hausec.com
Attributes
Details Type #Events CTI Value
Details Domain 10 
blog.cobaltstrike.com
Details File 2127 
cmd.exe
Details File 137 
conhost.exe
Details File 1260 
explorer.exe
Details File 172 
dllhost.exe
Details File 1209 
powershell.exe
Details File 62 
whoami.exe
Details Url 2 
https://blog.cobaltstrike.com/2015/12/16/windows-access-tokens-and-alternate-credentials