cobalt strike – PossibleThreat Articles

Security Sophos

ConnectWise ScreenConnect attacks deliver malware

February 28, 2024 0 Comments asyncrat, cobalt strike, cve-2024-1708, cve-2024-1709, featured, ir, lockbit, mdr, Ransomware, rust, screenconnect, sophos x-ops, threat research

Credit to Author: Andrew Brandt| Date: Fri, 23 Feb 2024 10:40:38 +0000

Multiple attacks exploit vulnerabilities in an IT remote access tool to deliver a variety of different payloads into business environments

MalwareBytes Security

Warning issued over increased activity of TrueBot malware

July 10, 2023 0 Comments cl0p, cobalt strike, cve-2022-31199, flawedgrace, news, Ransomware, raspberry robin, silence group, teleport, truebot

Categories: News

Categories: Ransomware

Tags: TrueBot

Tags: Cl0p

Tags: Silence Group

Tags: CVE-2022-31199

Tags: Raspberry Robin

Tags: FlawedGrace

Tags: Cobalt Strike

Tags: Teleport

CISA, the FBI, the MS-ISAC, and the CCCS have warned about increased activity of the TrueBot malware in the US and Canada.

(Read more…)

The post Warning issued over increased activity of TrueBot malware appeared first on Malwarebytes Labs.

Security Sophos

The Phantom Menace: Brute Ratel remains rare and targeted

May 18, 2023 0 Comments brute ratel, cobalt strike, featured, havok, meterpreter, post-exploitation tools, sliver, sophos x-ops, threat research

Credit to Author: gallagherseanm| Date: Thu, 18 May 2023 11:00:58 +0000

The commercial attack tool’s use by bad actors has faded after an initial flurry, while Cobalt Strike remains the go-to post-exploitation tool for many.

MalwareBytes Security

Update now! GoAnywhere MFT zero-day patched

February 8, 2023 0 Comments Brian Krebs, cobalt strike, code white, emergency patch 7.1.2, florian hauser, fortra, goanywhere mft, kevin beaumont, managed file transfer, news

Categories: News

Tags: GoAnywhere MFT

Tags: managed file transfer

Tags: Kevin Beaumont

Tags: Brian Krebs

Tags: emergency patch 7.1.2

Tags: Fortra

Tags: Cobalt Strike

Tags: Florian Hauser

Tags: Code White

A bug in GoAnywhere, a B2B management file transfer software, could lead to a serious supply chain attack if left unpatched. Update now!

(Read more…)

The post Update now! GoAnywhere MFT zero-day patched appeared first on Malwarebytes Labs.

MalwareBytes Security

Silence is golden partner for Truebot and Clop ransomware

December 13, 2022 0 Comments clop ransomware, cobalt strike, fin11, grace, news, Ransomware, silence, ta505, teleport, truebot

Categories: News

Categories: Ransomware

Tags: Silence

Tags: TA505

Tags: Clop ransomware

Tags: Truebot

Tags: Grace

Tags: Cobalt Strike

Tags: Teleport

Tags: FIN11

Researchers have identified two new Truebot botnets that are using new versions of the Truebot downloader Trojan to infiltrate and explore a target’s network.

(Read more…)

The post Silence is golden partner for Truebot and Clop ransomware appeared first on Malwarebytes Labs.

MalwareBytes Security

A week in security (July 11 – July 17)

July 18, 2022 0 Comments A week in security, bandai namco, cobalt strike, elden ring, mangatoon, microsoft updates, predatory sparrow, pypi, Ransomware, spyjoker, tonto team, whatsapp

Credit to Author: Malwarebytes Labs| Date: Mon, 18 Jul 2022 10:22:29 +0000

The most important and interesting computer security stories from the last week.

The post A week in security (July 11 – July 17) appeared first on Malwarebytes Labs.

MalwareBytes Security

Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign

July 13, 2022 0 Comments cobalt strike, cobaltstrike, threat intelligence, uac-0056, unc2589

Credit to Author: Threat Intelligence Team| Date: Wed, 13 Jul 2022 16:17:09 +0000

While the war in Ukraine still rages, various threat actors continue to launch cyber attacks against its government entities. In this blog we review the latest campaign from the UAC-0056 threat group.

The post Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign appeared first on Malwarebytes Labs.

Security Sophos

Telerik UI exploitation leads to cryptominer, Cobalt Strike infections

June 15, 2022 0 Comments cobalt strike, Cryptomining, cve-2017-11357, cve-2017-1137, cve-2019-18935, PowerShell, security operations, SophosLabs Uncut, telerik, threat research, xmrig

Credit to Author: Matt Wixey| Date: Wed, 15 Jun 2022 11:00:05 +0000

Attacker targets bugs in a popular web application graphical interface development tool

MalwareBytes Security

Karakurt extortion group: Threat profile

June 14, 2022 0 Comments accenture security, advanced intel, anydesk, chainalysis, cirt, cisa, cobalt strike, conti ransomware, cyber incident response team, Cybercrime, cybersecurity and infrastructure security agency, diavol, diavol ransomware, dridex, evil corp, FBI, federal bureau of investigation, FileZilla, karakurt, karakurt extortion group, karakurt lair, karakurt team, kimberly goody, mandiant, mega.io, MFA, mimikatz, multi-factor authentication, ncc, ransomhouse, Ransomware, ransomware syndicate, rclone, tetra defense, virtual private network, vpn, wall street journal

Credit to Author: Jovi Umawing| Date: Tue, 14 Jun 2022 16:00:29 +0000

An obscure group called Karakurt has extorted organizations in the US and elsewhere. Know how to keep it away from your network.

The post Karakurt extortion group: Threat profile appeared first on Malwarebytes Labs.

Security Sophos

The Active Adversary Playbook 2022

June 7, 2022 0 Comments active adversary, artifacts, attack tools, cobalt strike, Cryptomining, cyberattacks, cyberthreats, dwell time, Exploit, featured, initial access broker, malware delivery system, mitre, proxylogon, proxyshell, Ransomware, Ransomware as a Service, security operations, sophos rapid response, vulnerability

Credit to Author: Tilly Travers| Date: Tue, 07 Jun 2022 11:02:43 +0000

Cyberattacker behaviors, tactics and tools seen on the frontline of incident response during 2021

← Previous