Your hacker Blog

The alleged decompiled source code of Cobalt Strike toolkit leaked online

The alleged decompiled source code for the Cobalt Strike post-exploitation toolkit has been leaked online in a GitHub repository.

The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository.

Source Bleeping ComputerCobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons,” on compromised devices to remotely create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.

Cobalt Strike is widely adopted by threat actors that use cracked versions to gain persistent remote access to a target network.

Bleeping Computer reported that two weeks ago, someone has created a repository on GitHub that contains the alleged source code for Cobalt Strike 4.0.

The analysis of the source code leaked by the threat actor revealed that it is related to version 4.0 released of the popular software that was released on December 5th, 2019.

The code was decompiled by someone that fixed all the dependencies and removed the license check in order to compile it.

The availability of the re-compiled (decompiled JAR) #CobaltStrike code into the workable tool with the commented out “license check” presents new opportunities for cybercriminals groups, unfortunately.It also presents new opportunities for defenders to examine the code. https://t.co/UQUBniWEo6 pic.twitter.com/0xxfVGTvuA— Vitali Kremez (@VK_Intel) November 11, 2020
Cobalt strike source leaked. The license check is commented out pic.twitter.com/DOjqdIDhVq— Amit Serper (@0xAmit) November 11, 2020The repository has been already forked more than hundreds of times and is rapidly spreading online.

Bleeping Computer pointed out that it is not the original source code of the toolkit, however, its availability online could allow threat actors to rapidly modify it and use their own version in their campaigns.

Pierluigi Paganini

(SecurityAffairs – hacking, CobaltStrike)

The post The alleged decompiled source code of Cobalt Strike toolkit leaked online appeared first on Security Affairs.