Tag
high
threat
FrostyNeighbor Targets Ukraine with Updated PicassoLoader Chain
2 rules 3 TTPs 3 IOCsThe FrostyNeighbor threat actor is targeting Ukrainian governmental organizations with spearphishing emails containing malicious PDFs that deliver a JavaScript dropper (PicassoLoader) and ultimately a Cobalt Strike beacon.
Cobalt Strike +2
FrostyNeighbor
cyberespionage
cobaltstrike
picassoloader
ukraine
2r
3t
3i
high
advisory
Detection of Default Cobalt Strike PowerShell Beacon
2 rules 2 TTPsThis brief outlines detection strategies for default Cobalt Strike PowerShell beacons, which are used for command and control, by identifying specific function and variable names within PowerShell script block logs.
Splunk Enterprise +2
cobaltstrike
powershell
beacon
commandandcontrol
windows
2r
2t
high
advisory
Cobalt Strike PowerShell Loader Detection
2 rules 2 TTPsThis brief details a detection for a PowerShell loader pattern commonly used with Cobalt Strike to decompress and execute payloads, often observed in scripted web delivery attacks.
Splunk Enterprise +2
cobaltstrike
powershell
malware
windows
2r
2t