Cobalt Strike is a commercial penetration testing tool, which gives security testers access to a large variety of attack capabilities. Cobalt Strike can be used to conduct spear-phishing and gain unauthorized access to systems and can emulate a variety of malware and other advanced threat tactics. APT actors use cobalt strike to conduct targeted attacks. Below are the latest indicators of compromise.
Credits : Research by ExecuteMalware
THREAT IDENTIFICATION: COBALT STRIKE STAGER
SUBJECTS OBSERVED
Case Notices for: 09-19-94883-CV
SENDERS OBSERVED
Laura Williams
MALICIOUS DOC FILE HASHES
case#_1085423526_2097196119 [.]xls
8f083b2940815cc411bd5305f949765b
COBALT STRIKE STAGER PAYLOAD URLS
http://digitaldays [.]ro/site/brandupi [.]php
COBALT STRIKE STAGER FILE HASHES
svh [.]osts
71032e98341065c93f38a226de74d7a0
ADDITIONAL FILE HASHES
opa12 [.]dat
b1aff3b5ea271b3a0294d12257f2435a
COBALT STRIKE C2s
https://onealabamasport [.]com/jquery-3 [.]3 [.]2 [.]slim [.]min [.]js
https://onealabamasport [.]com/jquery-3 [.]3 [.]1 [.]min [.]js
SUPPORTING EVIDENCE
https://urlhaus [.]abuse [.]ch/url/1063587/
https://bazaar [.]abuse [.]ch/sample/b7d4f66a98e928dfb18d41021e5ad11043a3fc473c794edf481e8aa8c7cc9255/
https://bazaar [.]abuse [.]ch/sample/132bdcb986e3e3b9599b5b293b3318e7c630495e87a9d1fa02287ae80f9e652f
https://tria [.]ge/210312-wvcgbytymn