Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Google open source 165YARA rules to help companies detect Cobalt Strike attacks

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)11/24 Report--

CTOnews.com November 22, the Google Cloud Threat Intelligence team recently announced open source YARA rules and VirusTotal Collection of indicators of compromise (IOCs) to help enterprises defend against Cobalt Strike attacks.

Greg Sinclair (Greg Sinclair), security engineer at Google Cloud Threat Intelligence, said:

We are releasing an open source set of YARA rules to the community and integrating them into the VirusTotal collection to help the community tag and identify Cobalt Strike components and their respective versions. Because some versions have been abused by threat actors, detecting the exact version of Cobalt Strike is an important part of determining the legality of use by non-malicious actors.

CTOnews.com learned that cracked and leaked versions of Cobalt Strike lag at least one version in most cases, allowing Google to collect hundreds of samples of hacked frames, templates and beacons to establish highly accurate YARA-based detection rules.

Sinclair added:

Our goal is to perform high-fidelity detection so that we can accurately determine the version of a particular Cobalt Strike component. Whenever possible, we establish a signature to detect a specific version of the Cobalt Strike component.

CTOnews.com learned that Cobalt Strike (developed by Fortra, formerly known as Help Systems) is a legitimate penetration testing tool that has been under development since 2012. It is designed as an attack framework for red teams to scan their organization's infrastructure for vulnerabilities and security vulnerabilities. This makes Cobalt Strike one of the most commonly used tools in cyber attacks, which can lead to data theft and extortion software.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report