C2 Frameworks
Cobalt Strike
Very popular amongst ransomware crews, so well worth focusing on.
https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
https://labs.f-secure.com/blog/detecting-cobalt-strike-default-modules-via-named-pipe-analysis/
https://go.recordedfuture.com/hubfs/reports/mtp-2021-0914.pdf
Beacons
https://research.nccgroup.com/2022/03/25/mining-data-from-cobalt-strike-beacons/
https://github.com/fox-it/cobaltstrike-beacon-data
Nettitude's Posh C2
https://labs.nettitude.com/blog/detecting-poshc2-indicators-of-compromise/
F-Secure's C3