
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Cobalt Strike

Names: Cobalt Strike

Type: Backdoor, Vulnerability scanner, Keylogger, Tunneling, Loader, Exfiltration

Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.

The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
AlienVault OTX

Last change to this tool card: 06 January 2021


All groups using tool Cobalt Strike


APT groups

| Group | Country | Observed | Markers |
|---|---|---|---|
| APT 19, Deep Panda, C0d0so0 | China | 2013-May 2019 | X |
| APT 29, Cozy Bear, The Dukes | Russia | 2008-2020 | X |
| APT 32, OceanLotus, SeaLotus | Vietnam | 2013-Dec 2020 | HOT X |
| APT 41 | China | 2012-Aug 2020 | X |
| Barium | China | 2016-Nov 2017 | X |
| Carbanak, Anunak | Ukraine | 2013-Aug 2018 | X |
| Chimera | China | 2018-Oct 2019 | |
| Cobalt Group | Russia | 2016-Oct 2019 | X |
| CopyKittens, Slayer Kitten | Iran | 2013-Jan 2017 | |
| DarkHydrus, LazyMeerkat | Iran | 2016-Jan 2019 | |
| Earth Wendigo | China | 2019 | |
| FIN6, Skeleton Spider | [Unknown] | 2015-Mar 2020 | |
| FIN7 | Russia | 2013-Dec 2020 | HOT X |
| Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon | China | 2010-May 2020 | |
| Leviathan, APT 40, TEMP.Periscope | China | 2013-Jan 2020 | |
| MuddyWater, Seedworm, TEMP.Zagros, Static Kitten | Iran | 2017-Dec 2020 | HOT X |
| Mustang Panda, Bronze President | China | 2014-Mar 2020 | |
| Operation DRBControl | China | 2019 | |
| RedDelta | China | 2020-Sep 2020 | |
| Stone Panda, APT 10, menuPass | China | 2006-Jul 2020 | X |
| TA2101, Maze Team | [Unknown] | 2019-Oct 2020 | |
| Turbine Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens | China | 2010-Oct 2018 | X |
| UNC2452, Dark Halo, SolarStorm | Russia | 2019 | |
| Winnti Group, Blackfly, Wicked Panda | China | 2010-Feb 2020 | |

Other groups

| Group | Country | Observed | Markers |
|---|---|---|---|
| Indrik Spider | Russia | 2014-Jul 2020 | X |
| Pinchy Spider, Gold Southfield | Russia | 2018-Nov 2020 | X |
| Wizard Spider, Gold Blackburn | Russia | 2014-Nov 2020 | X |

32 groups listed (27 APT, 5 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
