Vermilion Strike: Linux and Windows Re-implementation of Cobalt

Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike Key Findings -Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratch -Linux malware is fully undetected by vendors -Has IoC and technical overlaps with previously discovered Windows DLL files -Highly targeted with victims including telecommunications, government and finance Cobalt Strike is a popular red team tool for Windows which is also heavily used by threat actors. At the time of this writing, there is no official Cobalt Strike version for Linux. In August 2021, we at Intezer discovered a fully undetected ELF implementation of Cobalt Strike’s beacon, which we named Vermilion Strike. The stealthy sample uses Cobalt Strike’s Command and Control (C2) protocol when communicating to the C2 server and has Remote Access capabilities such as uploading files, running shell commands and writing to files. The malware is fully undetected in VirusTotal at the time of this writing and was uploaded from Malaysia. Based on telemetry with collaboration from our partners at McAfee Enterprise ATR, this Linux threat has been active in the wild since August targeting telecom companies, government agencies, IT companies, financial institutions and advisory companies around the world. Targeting has been limited in scope, suggesting that this malware is used in specific attacks rather than mass spreading. After further analysis, we found Windows samples that use the same C2. The samples are re-implementations of Cobalt Strike Beacon. The Windows and ELF samples share the same functionalities. The sophistication of this threat, its intent to conduct espionage, and the fact that the code hasn’t been seen before in other attacks, together with the fact that it targets specific entities in the wild, leads us to believe that this threat was developed by a skilled threat actor. In this post we will provide a technical analysis of the samples and explain how you can detect and respond to this threat. Samples: #vermilionstrike #cobaltstrike #windows #linux

Claude 2 is here!

Claude 2 is here! Hi there, The wait is over! Our latest model, Claude 2, is now available through our API. Read more here. We’ve heard from users that Claude 2 is easy to converse with, better at explaining its thinking, much less likely to produce harmful outputs, and has a longer memory. We’ve also made significant improvements on coding, math, and reasoning compared to our previous models. Access the new model As an API user, you can continue using Console as your workstation for optimizing prompts, managing your keys, and accessing developer resources. You're able to call Claude 2 and benefit from its performance improvements today. As an AI enthusiast, anyone in the US and UK can now use the public-facing chat experience at claude.ai as their day-to-day AI assistant. Join our Discord community We’ve also just launched our official Anthropic Discord server where you can chat about Claude 2, discover resources for building with our API, explore prompt ideas, provide feedback including new feature requests, and showcase your project. Accept your invite here! What builders are saying AI content creation platform Jasper has already integrated Claude 2 to help its customers break through writer's block and adapt content to different formats and languages. "We are really happy to be among the first to offer Claude 2 to our customers, bringing enhanced semantics, up-to-date knowledge training, improved reasoning for complex prompts, and the ability to effortlessly remix existing content with a 3X larger context window," said Greg Larson, VP of engineering at Jasper. "We are proud to help our customers stay ahead of the curve through partnerships like this one with Anthropic." AI coding platform Sourcegraph has paired Claude 2 with its code graph to power the AI assistant, Cody. The assistant answers technical questions, and generates code within its text editor. “When it comes to AI coding, devs need fast and reliable access to context about their unique codebase and a powerful LLM with a large context window and strong general reasoning capabilities,” says Quinn Slack, CEO & Co-founder of Sourcegraph. “The slowest and most frustrating parts of the dev workflow are becoming faster and more enjoyable. Thanks to Claude 2, Cody’s helping more devs build more software that pushes the world forward.” We can’t wait to see what you build with our latest model! Warmly, The Anthropic Team