RULE(RULE ID:333733)

Rule General Information
Release Date: 2021-07-16
Rule Name: Tool Cobalt Strike Attack - Set Connection
Rule Protection Details
Description: Cobalt Strike is threat emulation software. Red teams and penetration testers use Cobalt Strike to demonstrate the risk of a breach and evaluate mature security programs. Cobalt Strike exploits network vulnerabilities, launches spear phishing campaigns, hosts web drive-by attacks, and generates malware infected files from a powerful graphical user interface that encourages collaboration and reports all oprations.
Impact: Successfully running this file can cause damages such as host control and information leakage.
Affected OS: Windows, Linux, Others
Check system patches and scan the host to fix the vulnerabilities in the system in time.