ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Cobalt Strike

Names: Cobalt Strike
Type: Backdoor, Vulnerability scanner, Keylogger, Tunneling, Loader, Exfiltration
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.

The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
AlienVault OTX

Last change to this tool card: 05 September 2023


All groups using tool Cobalt Strike


APT groups

|   | APT 19, Deep Panda, C0d0so0 | China | 2013-Mar 2022 |  | X |
| X | APT 29, Cozy Bear, The Dukes | Russia | 2008-Aug 2023 | HOT | X |
|   | APT 32, OceanLotus, SeaLotus | Vietnam | 2013-Dec 2020 |  | X |
| X | APT 41 | China | 2012-Late 2022 |  | X |
|   | ↳ Subgroup: Earth Longzhi | China | 2020-Apr 2023 |  |  |
|   | Aquatic Panda | China | 2020 |  |  |
|   | Barium | China | 2016-Nov 2017 |  | X |
|   | Bronze Highland | China | 2012-Nov 2022 |  |  |
| X | Bronze Starlight | China | 2021-Mar 2023 |  |  |
|   | Carbanak, Anunak | Ukraine | 2013-Apr 2023 |  | X |
|   | ChamelGang | China | 2021-Jun 2023 | HOT |  |
|   | Chimera | China | 2018-Oct 2019 |  |  |
|   | Cobalt Group | Russia | 2016-Oct 2019 |  | X |
|   | CopyKittens, Slayer Kitten | Iran | 2013-Jan 2017 |  |  |
|   | DarkHydrus, LazyMeerkat | Iran | 2016-Jan 2019 |  |  |
|   | Doppel Spider | Russia | 2019-Feb 2023 |  | X |
| X | Earth Lusca | China | 2019 |  |  |
|   | Earth Wendigo | China | 2019 |  |  |
|   | FIN6, Skeleton Spider | [Unknown] | 2015-Oct 2021 |  | X |
|   | FIN7 | Russia | 2013-Mar 2023 |  | X |
|   | Indrik Spider | Russia | 2007-Dec 2021 |  | X |
|   | Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon | China | 2010-Late 2022 |  |  |
|   | Leviathan, APT 40, TEMP.Periscope | China | 2013-Jul 2021 |  | X |
| X | MuddyWater, Seedworm, TEMP.Zagros, Static Kitten | Iran | 2017-May 2023 |  | X |
| X | Mustang Panda, Bronze President | China | 2012-May 2023 |  |  |
|   | OldGremlin | Russia | 2020-Feb 2021 |  |  |
| X | OPERA1ER | [Unknown] | 2016-Jul 2023 | HOT | X |
| X | Operation Ghostwriter | Belarus | 2017-Apr 2022 |  | X |
|   | Pinchy Spider, Gold Southfield | Russia | 2018-May 2022 |  | X |
| X | Reaper, APT 37, Ricochet Chollima, ScarCruft | North Korea | 2012-Sep 2023 | HOT | X |
|   | RedDelta | China | 2020-Feb 2022 |  |  |
| X | RedHotel, TAG-22 | China | 2021 |  |  |
|   | SaintBear, Lorec53 | Russia | 2021-Oct 2022 |  |  |
|   | Sprite Spider, Gold Dupont | [Unknown] | 2015-Nov 2022 |  |  |
|   | Stone Panda, APT 10, menuPass | China | 2006-Feb 2022 |  | X |
|   | TA2101, Maze Team | [Unknown] | 2019-Feb 2022 |  | X |
|   | Turbine Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens | China | 2010-Oct 2018 |  | X |
|   | Winnti Group, Blackfly, Wicked Panda | China | 2010-Mar 2021 |  |  |
|   | Wizard Spider, Gold Blackburn | Russia | 2014-Feb 2023 |  | X |

Other groups

|   | ALTDOS | [Unknown] | 2020-Sep 2021 |  | X |
|   | Karakurt | [Unknown] | 2021-Sep 2022 |  |  |
|   | TA511 | [Unknown] | 2018-Oct 2020 |  |  |

54 groups listed (50 APT, 4 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency
