DETECTION OVERVIEW
Risk Factors
Cobalt Strike is a commercial adversary-simulation toolkit that attackers widely abuse to set up sophisticated command-and-control (C&C) infrastructure. Through a persistent C&C channel (the Beacon payload checks in with its server on a schedule rather than holding a single open connection), an attacker can remotely control a device and use it as an entry point for further attacks on your network.
Kill Chain
Risk Score
92
Cobalt Strike enables post-compromise activity through its Beacon agents. After gaining initial access, attackers install the Cobalt Strike Beacon payload on a device in your environment; the Beacon then initiates outbound connections to a C&C server, referred to as the Cobalt Strike team server. A Cobalt Strike Beacon executable in your environment indicates that an attacker might have compromised a device on your network. Monitor your environment for compromised devices exhibiting unusual behavior, such as outbound connections to new external endpoints, especially connections that recur at a regular interval.
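The check recommended above (an internal host making outbound connections to an external endpoint it has not contacted before, on a regular schedule) can be expressed as a small beaconing heuristic over connection logs. The following is an added example written for this page, not the detection logic of the product the page describes or code from the Cobalt Strike project. It assumes a constructed flow-log format of "timestamp src dst dport" per line, a caller-supplied set of previously seen destinations as the baseline, and illustrative thresholds (at least four connections, coefficient of variation of the check-in interval at or below 0.2).

```python
"""Beaconing heuristic over constructed outbound-connection records.

Added example for this page; not code from the original detection page
or from the Cobalt Strike project. The flow-log format, the internal
network list, the baseline set and the thresholds are all assumptions.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed internal address space; anything outside it is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (documentation IP ranges, not real traffic).
# 203.0.113.10  : new destination, contacted roughly every 60 s (beacon-like)
# 198.51.100.7  : previously seen destination, also contacted every 60 s
# 192.0.2.44    : new destination, but contacted at irregular intervals
SAMPLE_FLOWS = """\
2024-05-01T10:00:00Z 10.0.0.5 203.0.113.10 443
2024-05-01T10:00:10Z 10.0.0.5 192.0.2.44 443
2024-05-01T10:00:15Z 10.0.0.5 192.0.2.44 443
2024-05-01T10:00:30Z 10.0.0.5 198.51.100.7 443
2024-05-01T10:01:02Z 10.0.0.5 203.0.113.10 443
2024-05-01T10:01:30Z 10.0.0.5 198.51.100.7 443
2024-05-01T10:01:59Z 10.0.0.5 203.0.113.10 443
2024-05-01T10:02:30Z 10.0.0.5 198.51.100.7 443
2024-05-01T10:02:50Z 10.0.0.5 192.0.2.44 443
2024-05-01T10:03:00Z 10.0.0.5 192.0.2.44 443
2024-05-01T10:03:01Z 10.0.0.5 203.0.113.10 443
2024-05-01T10:03:30Z 10.0.0.5 198.51.100.7 443
2024-05-01T10:04:00Z 10.0.0.5 203.0.113.10 443
2024-05-01T10:04:45Z 10.0.0.5 192.0.2.44 443
2024-05-01T10:04:59Z 10.0.0.5 203.0.113.10 443
"""

# Assumed baseline of destinations this environment has contacted before.
KNOWN_DESTINATIONS = {"198.51.100.7"}


def parse_flows(text):
    """Parse 'timestamp src dst dport' lines into (datetime, src, dst, port)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                      src, dst, int(port)))
    return flows


def is_external(ip):
    """True if the address lies outside the assumed internal networks."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_beacons(flow_text, known_destinations, min_connections=4, max_cv=0.2):
    """Flag (src, dst, port) pairs that contact a new external endpoint at a
    regular cadence. Regularity is measured as the coefficient of variation
    (stdev / mean) of the gaps between consecutive connections."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in parse_flows(flow_text):
        if is_external(dst) and dst not in known_destinations:
            by_pair[(src, dst, port)].append(ts)

    findings = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_connections:
            continue  # too few check-ins to judge cadence
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "port": port,
                             "connections": len(times),
                             "mean_interval_s": round(avg, 2),
                             "cv": round(cv, 4)})
    findings.sort(key=lambda f: f["cv"])
    return findings


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_FLOWS, KNOWN_DESTINATIONS):
        print(hit)
```

On the sample data only 203.0.113.10 is reported: 198.51.100.7 is just as regular but is in the baseline, and 192.0.2.44 is new but its gaps vary too much. The caveat is the jitter setting: a Beacon configured with a large jitter, or one using long sleeps, raises the coefficient of variation above a fixed threshold, so in practice this heuristic is combined with other signals about the destination rather than used alone.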