ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Cobalt Strike

Names: Cobalt Strike
Type: Backdoor, Vulnerability scanner, Keylogger, Tunneling, Loader, Exfiltration
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.

The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
(AlienVault OTX)

Last change to this tool card: 20 July 2022


All groups using tool Cobalt Strike


APT groups

Names | Country | Observed
APT 19, Deep Panda, C0d0so0 | China | 2013-Mar 2022
APT 29, Cozy Bear, The Dukes | Russia | 2008-Aug 2022 HOT
APT 32, OceanLotus, SeaLotus | Vietnam | 2013-Dec 2020
APT 41 | China | 2012-Aug 2021
Aquatic Panda | China | 2020
Barium | China | 2016-Nov 2017
Bronze Highland | China | 2014
Bronze Starlight | China | 2021
Carbanak, Anunak | Ukraine | 2013-Nov 2021
Chimera | China | 2018-Oct 2019
Cobalt Group | Russia | 2016-Oct 2019
CopyKittens, Slayer Kitten | Iran | 2013-Jan 2017
DarkHydrus, LazyMeerkat | Iran | 2016-Jan 2019
Doppel Spider | Russia | 2019-Oct 2021
Earth Lusca | China | 2019
Earth Wendigo | China | 2019
FIN6, Skeleton Spider | [Unknown] | 2015-Oct 2021
FIN7 | Russia | 2013-Jan 2022
Indrik Spider | Russia | 2007-Dec 2021
Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon | China | 2010-May 2020
Leviathan, APT 40, TEMP.Periscope | China | 2013-Jul 2021
MuddyWater, Seedworm, TEMP.Zagros, Static Kitten | Iran | 2017-Nov 2021
Mustang Panda, Bronze President | China | 2014-Jun 2022 HOT
OldGremlin | Russia | 2020-Feb 2021
Operation Ghostwriter | Belarus | 2017-Apr 2022
Pinchy Spider, Gold Southfield | Russia | 2018-May 2022
Reaper, APT 37, Ricochet Chollima, ScarCruft | North Korea | 2012-Jul 2022 HOT
RedDelta | China | 2020-Feb 2022
SaintBear, Lorec53 | Russia | 2021-Mar 2022
Sprite Spider, Gold Dupont | [Unknown] | 2015-Mar 2022
Stone Panda, APT 10, menuPass | China | 2006-Feb 2022
TA2101, Maze Team | [Unknown] | 2019-Feb 2022
Turbine Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens | China | 2010-Oct 2018
Winnti Group, Blackfly, Wicked Panda | China | 2010-Mar 2021
Wizard Spider, Gold Blackburn | Russia | 2014-Jun 2022 HOT

Other groups

Names | Country | Observed
ALTDOS | [Unknown] | 2020-Sep 2021
Karakurt | [Unknown] | 2021-Sep 2022 HOT
TA511 | [Unknown] | 2018-Oct 2020

49 groups listed (45 APT, 4 other, 0 unknown)
