Jump to content

Concerns Over Undetected CobaltStrike Samples and Unaddressed Submissions

Recommended Posts

Looks like Eset Cobalt Strike detection capability has improved!

I found a sample not detected by Eset on VT. Upon download, Eset real-time detection caught it as suspicious; i.e. LiveGrid blacklist detection;


Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
8/20/2023 2:26:29 PM;Real-time file system protection;file;C:\Users\xxxxxx\Downloads\220f6b9f96106f637b339e2c6aee7259e76a9fd8a7237bc69ca7c1412bb8f992.exe;Suspicious Object;cleaned by deleting;xxxxxxxxx;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (DF22612647E9404A515D48EBAD490349685250DE).;32CEDDF549C30161214D09EE1297B7A557BE701C;8/20/2023 2:26:10 PM

Of note here is no LiveGuard submission was done prior to detection.

One possible reason for Eset detection is the file sig, was invalid;


The digital signature of the object did not verify.


Edited by itman
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...