Google Cloud recently identified 34 cracked versions of Cobalt Strike and released YARA rules to detect them, with the goal of making it harder for malicious actors to abuse the tool. IronNet believes that a proactive approach to Cobalt Strike server detection is key to this effort.

As Cobalt Strike has grown in popularity among cyber adversaries, other C2 frameworks such as Covenant, Sliver, Empire, and Metasploit have also been abused. Threat actors are now pivoting to alternative frameworks such as Sliver, which are easier to acquire and less likely to be detected. Because Google Cloud's YARA signatures cover only specific cracked versions of Cobalt Strike, detection gaps remain.

To address this, IronNet has developed a proactive threat intelligence feed called IronRadar. The feed can be integrated into existing security tools, allowing organizations to block threats proactively and improve detection. IronRadar also supports detection of more than 30 additional tools, including scanning engines, phishing frameworks, and loader malware. It is designed to detect and block new adversary infrastructure at the incipient stage, before follow-on activity such as ransomware deployment or data theft can occur. IronRadar is a valuable resource for proactively detecting and blocking threats targeting networks.
This news item was published on www.ironnet.com. Publication date: Mon, 06 Feb 2023 21:17:03 +0000