
Threats Tagged 'cobaltstrike'

View all threats tagged with 'cobaltstrike'. Filter and sort to focus on specific types of threats.


Malicious Campaign Deploying AdaptixC2 Beacon and VS Code via Trojanized SumatraPDF

On March 12, 2026, a targeted campaign was identified against Chinese-speaking individuals, using military-themed document lures distributed in a malicious ZIP archive. The initial vector was a trojanized SumatraPDF binary, which deployed an AdaptixC2 Beacon and a Visual Studio Code installation on victim systems. The shellcode loader shares significant similarities with the TOSHIS loader previously linked to TAOTH campaigns. The attackers ran a custom AdaptixC2 Beacon listener that used GitHub as command-and-control infrastructure. The staging server also hosted a Cobalt Strike Beacon and the EntryShell backdoor, both previously associated with this threat group. The campaign infrastructure included multiple compromised domains and IP addresses used for malware distribution and C2 communications.

CountLoader: New Malware Loader Being Served in 3 Different Versions

A new malware loader named CountLoader has been identified and is strongly associated with Russian ransomware gangs. It exists in three variants: .NET, PowerShell, and JScript. The loader is believed to be part of an Initial Access Broker's toolset or to be used by a ransomware affiliate linked to the LockBit, BlackBasta, and Qilin groups. CountLoader was recently used in a phishing campaign targeting Ukrainian citizens that impersonated the Ukrainian police. The loader attempts to connect to multiple C2 servers, downloads and executes further malware payloads, and uses evasion techniques to avoid detection. It has been observed dropping Cobalt Strike and AdaptixC2, among other tools. Its functionality includes system information gathering, persistence mechanisms, and multiple download methods.

Statistics Report on Malware Targeting Windows Database Servers in Q2 2025

The analysis team has categorized attacks on MS-SQL and MySQL servers running on Windows during Q2 2025. While the number of targeted systems remained stable, attacks on MS-SQL servers decreased, and MySQL servers saw a significant spike in attacks in June 2025. The report provides detailed statistics on attack trends, including graphs of attack volume for both server types, together with a list of MD5 hashes, URLs, FQDNs, and IP addresses associated with the malicious activity. The malware and tools observed range from backdoors and miners to ransomware and remote access trojans.
