The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository.
Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons,” on compromised devices to remotely create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.
Cobalt Strike is widely adopted by threat actors that use cracked versions to gain persistent remote access to a target network.
Bleeping Computer reported that two weeks ago, someone has created a repository on GitHub that contains the alleged source code for Cobalt Strike 4.0.
The analysis of the source code leaked by the threat actor revealed that it is related to version 4.0 released of the popular software that was released on December 5th, 2019.
The code was decompiled by someone that fixed all the dependencies and removed the license check in order to compile it.
The repository has been already forked more than hundreds of times and is rapidly spreading online.
Bleeping Computer pointed out that it is not the original source code of the toolkit, however, its availability online could allow threat actors to rapidly modify it and use their own version in their campaigns.
(SecurityAffairs – hacking, CobaltStrike)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.