Cobalt Strike - S0154
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:32
- Modified
- 27/05/2026 21:40
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 58 attack patterns (mitre), 2 intrusion sets (apt), 14 sectors, 11 countries, 99 indicators, 18 vulnerabilities (cve), 79 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (58)
-
T1203 usesExploitation for Client Execution MITRE
-
T1039 usesData from Network Shared Drive MITRE
-
T1078 usesValid Accounts MITRE
-
T1012 usesQuery Registry MITRE
-
T1222.001 usesWindows File and Directory Permissions Modification MITRE
-
T1543.003 usesWindows Service MITRE
-
T1132.002 usesNon-Standard Encoding MITRE
-
T1027.005 usesIndicator Removal from Tools MITRE
-
T1566.002 usesSpearphishing Link MITRE
-
T1036.001 usesInvalid Code Signature MITRE
-
T1471 MITRE
-
TA0001 uses
Intrusion sets (APT) (2)
-
BlackSuit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Earth Baxia usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (14)
-
Business Services targets
-
Education targets
-
Legal consulting targets
-
Road transport targets
-
Telecommunications targets
-
Multimedia targets
-
Commercial Facilities targets
-
Critical Manufacturing targets
-
Professional and scientific services targets
-
Manufacturing targets
-
Consulting targets
-
Technology targets
Countries (11)
-
North Macedonia targets
-
Papua New Guinea targets
-
Sri Lanka targets
-
Czechia targets
-
United States of America targets
-
Mongolia targets
-
Germany targets
-
Namibia targets
-
Japan targets
-
Hong Kong targets
-
Kazakhstan targets
Indicators (99)
-
stix 100/100 Revoked· Valid until 19/10/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 14/06/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 18/05/2026 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 06/12/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 20/10/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 16/02/2026 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 20/10/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 04/03/2026 · Source: AlienVault
-
stix 100/100· Valid until 15/11/2026 · Source: AlienVault
Vulnerabilities (CVE) (18)
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/04/2017
- Modified
- 22/04/2026
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker …
- Attack vector
- Network
- Published
- 16/10/2023
- Modified
- 21/12/2025
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
- Attack vector
- Network
- Published
- 08/01/2024
- Modified
- 21/12/2025
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. …
- Attack vector
- NETWORK
- Published
- 12/10/2024
- Modified
- 21/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 03/11/2021
- Modified
- 20/12/2025
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …
- Attack vector
- Network
- Published
- 12/08/2025
- Modified
- 27/05/2026
Reports (79)
-
3 Malwares 34 Observables 1 APT
-
13 MITREs 9 Malwares 7 Observables 1 APT
-
16 CVEs 20 MITREs 40 Malwares 37 Observables 1 APT
-
1 CVE 5 MITREs 13 Malwares 12 Observables
-
2 CVEs 12 MITREs 1 Malware 60 Observables
-
11 MITREs 4 Malwares 34 Observables 1 APT
-
2 CVEs 14 MITREs 3 Malwares 9 Observables 1 APT
-
19 MITREs 3 Malwares 17 Observables 1 APT
-
14 MITREs 6 Malwares 2 Observables 1 APT
-
25 MITREs 4 Malwares 1 APT
-
1 CVE 21 MITREs 3 Malwares 37 Observables 1 APT
-
14 MITREs 1 Malware 1 APT