Cybercriminals recreate Cobalt Strike in Linux
By MYBRANDBOOK
Cobalt Strike is a legitimate penetration testing tool for Windows systems. This new variant, called Vermilion Strike, incorporates features of Cobalt Strike such as a command and control (C2) protocol, remote access capabilities, and the ability to execute shell instructions depending on the author. The source code for Cobalt Strike version 4.0 has reportedly been leaked online, but most of the malicious attackers tracked by the cybersecurity team appear to be relying on hacked or leaked copies of the software.
In August, Intezer uncovered the new ELF implementation of Cobalt Strike's beacon, which appears to have originated from Malaysia.
When the researchers reported Vermilion Strike, it was not detected as malicious software on VirusTotal.
Built on a Red Hat Linux distribution, the malware is capable of launching beacons, listing files, changing and pulling working directories, appending and writing to files, uploading data to its C2, executing commands via the popen function, and analyzing disk partitions.
While the malware is capable of attacking Linux builds, Windows samples have also been found that use the same C2 server and contain the same functionality.
The researchers worked with McAfee Enterprise ATR to examine the software and have come to the conclusion that Vermilion Strike is being used in targeted attacks against telecoms, government, IT, advisory, and financial organizations worldwide.
This is not the only unofficial port of Cobalt Strike, however. There is also geacon, an open source project based on the Golang programming language.