Cobalt Strike

MITRE

Tipo Malware:
Other

Prima attivita:
Unknown

Ultima attivita:
Unknown

Dettagli:

[Cobalt Strike](https://attack.mitre.org/software/S0154) is a commercial, full-featured, remote access tool that bills itself as “adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors”. Cobalt Strike’s interactive post-exploit capabilities cover the full range of ATT&CK tactics, all executed within a single, integrated system.(Citation: cobaltstrike manual)

In addition to its own capabilities, [Cobalt Strike](https://attack.mitre.org/software/S0154) leverages the capabilities of other well-known tools such as Metasploit and [Mimikatz](https://attack.mitre.org/software/S0002).(Citation: cobaltstrike manual)

Tecniche Associate (72)

ID	ATT&CK	Tattiche
T1001.003	Protocol or Service Impersonation	-
T1003.001	LSASS Memory	-
T1003.002	Security Account Manager	-
T1005	Data from Local System	-
T1007	System Service Discovery	-
T1012	Query Registry	-
T1016	System Network Configuration Discovery	-
T1018	Remote System Discovery	-
T1021.001	Remote Desktop Protocol	-
T1021.002	SMB/Windows Admin Shares	-
T1021.003	Distributed Component Object Model	-
T1021.004	SSH	-
T1021.006	Windows Remote Management	-
T1027	Obfuscated Files or Information	-
T1027.005	Indicator Removal from Tools	-

Usato da Attori (29)

APT19
Nation-state

APT29
Nation-state

APT32
Nation-state

APT37
Nation-state

APT41
Nation-state

Aquatic Panda
Unknown

BlackByte
Unknown

Chimera
Unknown

Cinnamon Tempest
Unknown

Cobalt Group
Unknown

Metadata

ID:	474
Created:	13/01/2026 17:48
Updated:	06/03/2026 04:00