Cybercriminals recreate Cobalt Strike in Linux
By MYBRANDBOOK
Cobalt Strike is a legitimate penetration testing tool for Windows systems. This new variant, called Vermilion Strike, incorporates features of Cobalt Strike such as a command and control (C2) protocol, remote access capabilities, and the ability to execute shell instructions depending on the author. The source code for Cobalt Strike version 4.0 has been reported leaked online, but most of the malicious attackers tracked by the cybersecurity team appear to be relying on hacked or leaked copies of the software.
In August, Intezer uncovered the new ELF implementation of Cobalt Strike's beacon, which appears to have originated from Malaysia.
When the researchers reported Vermilion Strike, it was not detected as malicious software on VirusTotal.
Built on a Red Hat Linux distribution, the malware is capable of launching beacons, listing files, changing and pulling working directories, appending and writing to files, uploading data to its C2, executing commands via the popen function, and analyzing disk partitions.
While the malware is capable of attacking Linux builds, Windows samples have also been found that use the same C2 server and contain the same functionality.
The researchers worked with McAfee Enterprise ATR to examine the software and have come to the conclusion that Vermilion Strike is being used in targeted attacks against telecoms, government, IT, advisory, and financial organizations worldwide.
This is not the only unofficial port of Cobalt Strike, however. There is also geacon, an open source project based on the Golang programming language.