Cobalt Strike - Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:41:54 UTC
DescriptionCobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named
'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not
limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port
scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage
shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself
into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS,
SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a
toolkit for developing shellcode loaders, called Artifact Kit.
The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable,
and highly customizable.
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7ea8d070-cfd7-473c-a615-437fc292af55
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7ea8d070-cfd7-473c-a615-437fc292af55
Page 1 of 1