14,932
edits
Changes
→Cobalt Strike
==Notorious Cases==
==Notorious Cases==
==Cobalt Strike==
===Cobalt Strike===
Cobalt Strike is the legitimate, commercially available tool used by network penetration testers that has been co-opted by threat actors.<ref>[https://threatpost.com/cobalt-strike-cybercrooks/167368/ Cobalt Strike Usage Explodes Among Cybercrooks]</ref> It is also known as Agentemis, BEACON, and CobaltStrike, and the threat actors that have used it include APT 29, APT32, APT41, Anunak, Cobalt, Codoso, CopyKittens, DarkHydrus, FIN6, Leviathan, Mustang Panda, Shell Crew, Stone Panda, UNC1878, UNC2452, and Winnti Umbrella.<ref>[https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike Cobalt Strike, Malpedia]</ref>
Cobalt Strike is the legitimate, commercially available tool used by network penetration testers that has been co-opted by threat actors.<ref>[https://threatpost.com/cobalt-strike-cybercrooks/167368/ Cobalt Strike Usage Explodes Among Cybercrooks]</ref> It is also known as Agentemis, BEACON, and CobaltStrike, and the threat actors that have used it include APT 29, APT32, APT41, Anunak, Cobalt, Codoso, CopyKittens, DarkHydrus, FIN6, Leviathan, Mustang Panda, Shell Crew, Stone Panda, UNC1878, UNC2452, and Winnti Umbrella.<ref>[https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike Cobalt Strike, Malpedia]</ref>