Cobalt Strike

Very popular amongst ransomware crews so well worth focus.

https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/

https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/

https://labs.f-secure.com/blog/detecting-cobalt-strike-default-modules-via-named-pipe-analysis/

https://www.unh4ck.com/detection-engineering-and-threat-hunting/lateral-movement/detecting-conti-cobaltstrike-lateral-movement-techniques-part-1

https://www.unh4ck.com/detection-engineering-and-threat-hunting/lateral-movement/detecting-conti-cobaltstrike-lateral-movement-techniques-part-2

https://go.recordedfuture.com/hubfs/reports/mtp-2021-0914.pdf

Beacons

https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/bb-ebook-finding-beacons-in-the-dark.pdf

https://research.nccgroup.com/2022/03/25/mining-data-from-cobalt-strike-beacons/

https://github.com/fox-it/cobaltstrike-beacon-data

Nettitude's Posh C2

https://labs.nettitude.com/blog/detecting-poshc2-indicators-of-compromise/

F-Secure's C3

https://labs.f-secure.com/blog/hunting-for-c3/