{
	"id": "b46f6164-741e-4cc8-bcf8-6d8270de27e9",
	"created_at": "2026-04-06T00:08:19.64118Z",
	"updated_at": "2026-04-10T03:24:24.406694Z",
	"deleted_at": null,
	"sha1_hash": "fc23400179846b7f67d931355973512b583d1e12",
	"title": "前言 | Cobalt Strike",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 117012,
	"plain_text": "前言 | Cobalt Strike\r\nPublished: 2021-12-17 · Archived: 2026-04-05 16:55:20 UTC\r\nCobalt Strike\r\n⌘Ctrlk\r\n前言\r\n文档迁移到新版gitbook旧版废弃以删除\r\n本文档整体可分为三个部分基础，扩展进阶，原理。\r\n基础部分主要写基本使用和操作\r\n扩展进阶则是一些进阶内容如C2配置和隐藏，代理转发，以及cs的相关内容等等\r\n原理部分就是分析研究一下cs里相关功能的原理和实现可能也会涉及一些其他技术\r\n全文以Cobalt Strike4.1为例部分地方如果是以3.14为例我会标注出来\r\n由于本人水平有限更是九年义务教育的漏网之鱼所以文笔不怎样(估计还得不少错别字)还请多多包涵，如\r\n果文章中有出现错误也请大佬们及时指正\r\n错误反馈:$V0JHbFlsQGdtYWlsLmNvbQ== or $MTc1NzgxMjc2Ng==\r\nhttps://wbglil.gitbook.io/cobalt-strike/\r\nPage 1 of 2\n\n声明一下因为我并非专门研究CS，本文档只是业余时间做的一些记录，闲下来我可能就会更新一些内\r\n容，所以是随缘更新，如有错误还请及时指出。\r\n这里不会提供任何成品，仅提供思路或作为参考，本文档也不会涉及任何和bypass免杀相关的内容，\r\nbypass相关内容将会在未来文档“Antivirus And EDR Internals”中\r\n下一页目录\r\n最后更新于 4年前\r\nSource: https://wbglil.gitbook.io/cobalt-strike/\r\nhttps://wbglil.gitbook.io/cobalt-strike/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "ZH",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://wbglil.gitbook.io/cobalt-strike/"
	],
	"report_names": [
		"cobalt-strike"
	],
	"threat_actors": [
		{
			"id": "610a7295-3139-4f34-8cec-b3da40add480",
			"created_at": "2023-01-06T13:46:38.608142Z",
			"updated_at": "2026-04-10T02:00:03.03764Z",
			"deleted_at": null,
			"main_name": "Cobalt",
			"aliases": [
				"Cobalt Group",
				"Cobalt Gang",
				"GOLD KINGSWOOD",
				"COBALT SPIDER",
				"G0080",
				"Mule Libra"
			],
			"source_name": "MISPGALAXY:Cobalt",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434099,
	"ts_updated_at": 1775791464,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fc23400179846b7f67d931355973512b583d1e12.pdf",
		"text": "https://archive.orkl.eu/fc23400179846b7f67d931355973512b583d1e12.txt",
		"img": "https://archive.orkl.eu/fc23400179846b7f67d931355973512b583d1e12.jpg"
	}
}