The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository.
Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons,” on compromised devices to remotely create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.
Cobalt Strike is widely adopted by threat actors that use cracked versions to gain persistent remote access to a target network.
Bleeping Computer reported that two weeks ago, someone has created a repository on GitHub that contains the alleged source code for Cobalt Strike 4.0.
The analysis of the source code leaked by the threat actor revealed that it is related to version 4.0 released of the popular software that was released on December 5th, 2019.
The code was decompiled by someone that fixed all the dependencies and removed the license check in order to compile it.
The repository has been already forked more than hundreds of times and is rapidly spreading online.
Bleeping Computer pointed out that it is not the original source code of the toolkit, however, its availability online could allow threat actors to rapidly modify it and use their own version in their campaigns.
(SecurityAffairs – hacking, CobaltStrike)