Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike

Key Findings

- Discovered a Linux and Windows re-implementation of the Cobalt Strike Beacon, written from scratch
- The Linux malware is fully undetected by vendors
- Has IoC and technical overlaps with previously discovered Windows DLL files
- Highly targeted, with victims including telecommunications, government and finance

Cobalt Strike is a popular red team tool for Windows that is also heavily used by threat actors. At the time of this writing, there is no official Cobalt Strike version for Linux.

In August 2021, we at Intezer discovered a fully undetected ELF implementation of Cobalt Strike's Beacon, which we named Vermilion Strike. The stealthy sample speaks Cobalt Strike's Command and Control (C2) protocol to its C2 server and has remote access capabilities such as uploading files, running shell commands and writing to files. The malware is fully undetected in VirusTotal at the time of this writing and was uploaded from Malaysia.

Based on telemetry gathered in collaboration with our partners at McAfee Enterprise ATR, this Linux threat has been active in the wild since August, targeting telecom companies, government agencies, IT companies, financial institutions and advisory companies around the world. Targeting has been limited in scope, suggesting that this malware is used in specific attacks rather than for mass spreading.

After further analysis, we found Windows samples that use the same C2. The samples are re-implementations of Cobalt Strike Beacon, and the Windows and ELF samples share the same functionality.

The sophistication of this threat, its intent to conduct espionage, the fact that the code has not been seen before in other attacks, and the fact that it targets specific entities in the wild together lead us to believe that this threat was developed by a skilled threat actor.
In this post we will provide a technical analysis of the samples and explain how you can detect and respond to this threat. Samples: #vermilionstrike #cobaltstrike #windows #linux
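The post promises detection guidance for an implant that speaks Beacon's C2 protocol. As an added example, not code from Intezer or from the post, here is a small scanner for the publicly documented Cobalt Strike Beacon configuration block: big-endian (index, type, length, value) entries, the whole block XOR-ed with a single byte (0x69 in Cobalt Strike 3.x builds, 0x2e in 4.x), starting with entry 1, the BeaconType short, so the decoded block always opens with the bytes 00 01 00 01 00 02. The XOR keys, field names and the constructed sample blob are assumptions taken from public Beacon parsers; the post does not say that Vermilion Strike embeds its configuration in this exact layout, so a miss on a suspicious ELF is inconclusive rather than a clean bill.

```python
"""Scan a binary blob for a Cobalt Strike Beacon-style configuration block.

Added example, not Intezer's code. Layout and XOR keys are the publicly
documented Beacon config format (as used by public Beacon config parsers):
entries of big-endian (index, type, length, value), the whole block XOR-ed
with one byte (0x69 for 3.x builds, 0x2e for 4.x). A decoded block starts
with entry 1 (BeaconType, type 1 = short, length 2), i.e. the plaintext
bytes 00 01 00 01 00 02. Whether Vermilion Strike stores its config in this
exact layout is not stated on the page; a miss is inconclusive.
"""
import struct

XOR_KEYS = (0x69, 0x2E)
SIGNATURE = bytes.fromhex("000100010002")

# Names for a few well-known entry indices (assumed from public Beacon parsers).
FIELD_NAMES = {1: "BeaconType", 2: "Port", 3: "SleepTime", 4: "MaxGetSize",
               5: "Jitter", 8: "C2Server", 9: "UserAgent", 10: "HttpPostUri"}
BEACON_TYPES = {0: "HTTP", 1: "Hybrid HTTP DNS", 2: "SMB", 4: "TCP", 8: "HTTPS"}


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def find_config(blob: bytes):
    """Return (offset, key) of the first XOR-encoded signature, or None."""
    for key in XOR_KEYS:
        off = blob.find(xor(SIGNATURE, key))
        if off != -1:
            return off, key
    return None


def parse_config(blob: bytes) -> dict:
    """Decode the config block into a dict; empty dict when no signature hits."""
    hit = find_config(blob)
    if hit is None:
        return {}
    off, key = hit
    plain = xor(blob[off:], key)
    fields = {"_xor_key": key, "_offset": off}
    pos = 0
    while pos + 6 <= len(plain):
        idx, typ, length = struct.unpack_from(">HHH", plain, pos)
        pos += 6
        if idx == 0:  # an all-zero entry terminates the block
            break
        raw = plain[pos:pos + length]
        pos += length
        if typ == 1 and length == 2:
            val = struct.unpack(">H", raw)[0]
        elif typ == 2 and length == 4:
            val = struct.unpack(">I", raw)[0]
        else:  # type 3: opaque data, usually a NUL-padded string
            val = raw.rstrip(b"\0").decode("latin-1")
        if idx == 1:
            val = BEACON_TYPES.get(val, val)
        fields[FIELD_NAMES.get(idx, f"field_{idx}")] = val
    return fields


def build_sample(key: int) -> bytes:
    """Constructed test input: a fake config block wrapped in filler bytes.

    The host name and URI are made up for the example, not real IoCs.
    """
    def entry(idx, typ, payload):
        return struct.pack(">HHH", idx, typ, len(payload)) + payload
    cfg = (entry(1, 1, struct.pack(">H", 8))                    # HTTPS beacon
           + entry(2, 1, struct.pack(">H", 443))                # port
           + entry(3, 2, struct.pack(">I", 60000))              # sleep 60 s
           + entry(8, 3, b"beacon.example.com,/ping".ljust(256, b"\0"))
           + b"\0" * 8)                                         # terminator
    return b"\x7fELF" + b"\x90" * 40 + xor(cfg, key) + b"\x00" * 16


if __name__ == "__main__":
    print(parse_config(build_sample(0x2E)))
```

Run `parse_config` over a dump of a suspect binary or of a process memory region; a hit yields the C2 host, port and sleep interval, which are the first values to pivot on when hunting the network side of an intrusion.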
