Detecting maliciously used Cobalt Strike infrastructure

A few months ago, Google Cloud shared that it had identified 34 cracked versions of Cobalt Strike and released YARA rules to detect the specific versions of Cobalt Strike more likely to be leveraged by threat actors. The goal behind Google Cloud’s research is to make Cobalt Strike “harder for bad guys to abuse,” and IronNet believes a proactive approach to Cobalt Strike server detection is key in this community effort.

*** This is a Security Bloggers Network syndicated blog from IronNet Blog authored by Rajaram Sivasankar, IronNet VP of Product Management.