China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. “The attackers embedded malicious JavaScript in these Read more…
A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike’s Evasion Features! A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike’s evasion features! Contributors: UDRL Usage Considerations The built-in Cobalt Strike reflective loader is robust, handling all Malleable PE Read more…
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike Cybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software. “SSLoad is designed to stealthily infiltrate systems, gather sensitive Read more…
![from email import header import requests
from requests.auth import HTTPBasicAuth
import json
import base64
def search(search, API_KEY, userName, log):
open_instances = []
usrPass = userName + ‘:’ + API_KEY
encoded_u
base64.b64encode(usrPass.encode()).decode()
url “https://api.riskiq.net/pt/v2/ssl-certificate/history?”
try:
page_number = 0
headers =
‘Content-Type’: ‘application/json’,
‘API-Key’: API_KEY,
‘Authorization’: “Basic %s” % encoded_u,
‘field’: ‘sha1’,
‘order’: ‘desc’,
‘page’: str(page_number),
‘sort’: ‘firstSeen’
response = requests.request(“GET”, url+"&query="+search, headers-headers) response_json
response.json()
for result in response_json[‘results’][0][‘ipAddresses’]:
open_instance
dict()
log.debug(“Found matching 0".format(result)))
open_instance [‘ip’] = result
if ‘port’ in result:
else:
open_instance[‘port’] = result[‘port’]
open_instance[‘port’] = ’’
except Exception as e:
log.info(“RiskIQ Serial History error: ’.format(e))
return open_instances](https://owasp.or.id/wp-content/uploads/2023/11/Hunting-for-Cobalt-Strike-Mining-and-plotting-for-fun-and-360x240.png)
Hunting for Cobalt Strike: Mining and plotting for fun and profit | MSRC Blog Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this Read more…