Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine

On April 18, 2022, CERT-UA published alert #4490, which describes a malicious email campaign targeting Ukraine. The email attempts to deploy a Cobalt Strike beacon on the victim's system through the use of a MS Office macro. In the alert, CERT-UA provides a list of indicators of compromise (IoCs), including a list of IP addresses and domains used in the attack that are known to be Cobalt Strike command and control (C2) servers.

The post Tracking Cobalt Strike Servers …

cobalt cobalt strike cyberattacks servers threat research tracking ukraine