The cybercrime underground’s adoption of Cobalt Strike correlates with the rise in ransomware activity over the past few years. Cobalt Strike is a commercial tool used by legitimate penetration testers. However, many open source reports show the suite is also used by state-sponsored actors and cybercriminals.
The Intel 471 Malware Intelligence Team has found Cobalt Strike dropped by malware families including Bazar, Bokbot, Qbot, Trickbot, and more.
Download the whitepaper for a deeper look at which threat actor groups and malware families are dropping Cobalt Strike for post-exploitation.