To help identify Cobalt Strike and stop its malicious use, Google has released YARA rules and a VirusTotal Collection.
Cobalt Strike, a red teaming tool introduced in 2012, is distributed as a single JAR file and bundles a number of components that emulate real cyber threats. It uses a server/client model so that the operator controls every infected system from a single interface. Threat actors now abuse Cobalt Strike’s point-and-click capabilities to deploy remote access tooling on targeted systems and then move laterally through victim environments.
Cracked versions of the tool have been circulating for years, even though the vendor has a vetting process in place to prevent it from being sold to malicious organizations.