
New Cobalt Strike detection tools unveiled by Google

Google has moved to bolster detection and disruption of Cobalt Strike, a red teaming tool that has since evolved into a system for deploying remote access tools, by releasing a VirusTotal collection and a set of YARA rules, SecurityWeek reports. Organizations can use the new signatures to identify Cobalt Strike components, including the JavaScript, VBA macro, and PowerShell script templates that deploy shellcode implants and ultimately deliver the final payload. "The stagers, templates, and beacon are contained within the Cobalt Strike JAR file. They are not created on the fly, nor are they heavily obfuscated before deployment from the [] server. Cobalt Strike offers basic protection using a reversible XOR encoding," said Google, which noted that its YARA-based detection was developed from discovered Cobalt Strike JAR files. Hundreds of these signatures have also been integrated into a VirusTotal collection. "We also released these signatures as open source to cybersecurity vendors who are interested in deploying them within their own products, continuing our commitment to improving open source security across the industry," added Google.
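The detection approach Google describes works because the encoding is reversible: a single-byte XOR only shifts a known template string in byte space, so a signature can still locate it. As an added example that is not part of the article, Google's rules, or the Cobalt Strike project, this Python scanner finds a constructed marker string under any single-byte XOR key, the same idea behind YARA's `xor` string modifier; `MARKER` and the sample buffer are constructed placeholders, not real signatures or real stager bytes.

```python
"""Detect a known template string hidden behind single-byte XOR.

Added example, not Google's code: MARKER stands in for a string a rule
author would lift from a template; it is constructed, not a real signature.
"""
from __future__ import annotations

# Constructed stand-in for a template string a YARA rule would match on.
MARKER = b"constructed-stager-template"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR each byte with one key byte; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def find_xor_encoded(buf: bytes, pattern: bytes) -> list[tuple[int, int]]:
    """Return (offset, key) for every occurrence of `pattern` under any
    single-byte XOR key, key 0x00 (plaintext) included.

    Same idea as YARA's ``xor`` string modifier: the first byte at a
    candidate offset fixes the only key that could work there, so each
    offset costs at most len(pattern) comparisons rather than 256 trials.
    """
    hits: list[tuple[int, int]] = []
    n = len(pattern)
    for i in range(len(buf) - n + 1):
        key = buf[i] ^ pattern[0]
        if all(buf[i + j] ^ key == pattern[j] for j in range(n)):
            hits.append((i, key))
    return hits


def build_sample(key: int) -> bytes:
    """Constructed buffer: 64 bytes of filler, the encoded marker, more filler."""
    filler = bytes(range(64))
    return filler + xor_bytes(MARKER, key) + filler[::-1]


if __name__ == "__main__":
    # The marker is reported at the same offset whatever key encoded it.
    for key in (0x00, 0x5A, 0xFF):
        print(hex(key), find_xor_encoded(build_sample(key), MARKER))
```

A multi-byte or rolling key would defeat this single-byte search, which is why the quote's point that the encoding is only a reversible XOR matters for signature coverage.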
