MSRC

msrcthreathunting

Hunting for Cobalt Strike: Mining and plotting for fun and profit

Thursday, October 13, 2022

Introduction

Cobalt Strike is a commercial Command and Control framework built by HelpSystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. Although it is a commercial product, it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you have Cobalt Strike payloads (also called “beacons”) in your network.