
Recycled Cobalt Strike key pairs show many crooks are using same cloned installation

Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository. The discovery could make blue teams' lives easier by giving them a clue about whether or not Cobalt Strike traffic across …
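The detection angle the article excerpt hints at is simple to turn into a check: a beacon's RSA public key is baked into its embedded config, so if many samples talking to unrelated C2 hosts carry the same key, they were almost certainly built from the same cloned (cracked) installation rather than by independently licensed operators. The script below is an added example, not code from The Register article or from the researcher's own tooling. It assumes you already have beacon configs extracted by a tool of your choice as records of sample hash, C2 host and public key bytes; the sample records and key bytes are constructed placeholders, and the real recycled key from the cracked build is deliberately not reproduced here.

```python
"""Group extracted Cobalt Strike beacon configs by public key and flag reuse.

Added example (not from the article or the researcher). Input is assumed to
be a list of dicts with keys 'sha256', 'c2' and 'pubkey' (raw DER bytes of the
public key as pulled from the beacon config). All records below are constructed.
"""
import hashlib
from collections import defaultdict


def key_fingerprint(pubkey_der: bytes) -> str:
    """SHA-256 of the public key bytes.

    Beacon configs hold the key in a fixed-width field; if an extractor hands
    back the trailing zero padding, strip it so padded and unpadded copies of
    the same key collapse to one fingerprint (assumption: real DER keys never
    end in 0x00, which holds for the usual e=65537 encoding).
    """
    return hashlib.sha256(pubkey_der.rstrip(b"\x00")).hexdigest()


def group_by_key(samples):
    """Map fingerprint -> list of samples that embed that key."""
    groups = defaultdict(list)
    for s in samples:
        groups[key_fingerprint(s["pubkey"])].append(s)
    return groups


def shared_keys(samples, min_c2_hosts=2):
    """Return {fingerprint: sorted C2 hosts} for keys seen across >= min_c2_hosts
    distinct C2 hosts. One operator rotating samples on one host is normal;
    one key across unrelated infrastructure is the cloned-install signal."""
    out = {}
    for fp, members in group_by_key(samples).items():
        hosts = {m["c2"] for m in members}
        if len(hosts) >= min_c2_hosts:
            out[fp] = sorted(hosts)
    return out


def classify(sample, known_shared):
    """Label a single sample against a set of fingerprints known to be reused."""
    if key_fingerprint(sample["pubkey"]) in known_shared:
        return "shared-key (likely cracked/cloned build)"
    return "unique key"


# Constructed placeholder key material: short byte strings standing in for the
# DER-encoded public keys an extractor would return. Not real Cobalt Strike keys.
KEY_A = b"\x30\x81\x9f\x30\x0d\x06\x09KEY-A-PLACEHOLDER\x02\x03\x01\x00\x01"
KEY_B = b"\x30\x81\x9f\x30\x0d\x06\x09KEY-B-PLACEHOLDER\x02\x03\x01\x00\x01"
KEY_C = b"\x30\x81\x9f\x30\x0d\x06\x09KEY-C-PLACEHOLDER\x02\x03\x01\x00\x01"

# Constructed sample set: KEY_A shows up on three unrelated C2 hosts (the
# cloned-install pattern), KEY_B on one host with two samples, KEY_C once.
SAMPLES = [
    {"sha256": "a1", "c2": "cdn-update.example.net", "pubkey": KEY_A},
    {"sha256": "a2", "c2": "203.0.113.10", "pubkey": KEY_A + b"\x00" * 16},
    {"sha256": "a3", "c2": "login-portal.example.org", "pubkey": KEY_A},
    {"sha256": "a4", "c2": "203.0.113.10", "pubkey": KEY_A},
    {"sha256": "b1", "c2": "198.51.100.7", "pubkey": KEY_B},
    {"sha256": "b2", "c2": "198.51.100.7", "pubkey": KEY_B},
    {"sha256": "c1", "c2": "files.example.com", "pubkey": KEY_C},
]


if __name__ == "__main__":
    shared = shared_keys(SAMPLES)
    for fp, hosts in shared.items():
        print(f"{fp[:16]}... reused across {len(hosts)} C2 hosts: {hosts}")
    for s in SAMPLES:
        print(s["sha256"], classify(s, shared))
```

The threshold on distinct C2 hosts rather than on sample count is the point: a single operator legitimately produces many beacons with one key, so the reuse only becomes a blue-team signal when the same key straddles infrastructure that no single licensee would run. A real deployment would persist the fingerprint table and look up newly extracted configs against it.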

  1. Version 1.0

    Here's a complete list of unhackable software

    err ...

  2. steviebuk

    This is why...

    ...I was recently told by a software vendor (in their T&Cs), when testing their new AV, to "not upload their installer to VirusTotal". I thought that was suspicious so asked why not. Turns out, which I never knew and then confirmed when I looked it up (and it's mentioned in this article), that anyone with a specific subscription and verified by VirusTotal can download anything that is submitted to VirusTotal. The AV vendor doesn't want the software contained in the installer getting into the hands of competitors (probably still a poor argument, as if their competitor wanted to do that, they'd just pretend to be a fake customer).

    1. Clausewitz 4.0

      Re: This is why...

      ... Or maybe they just hadn't yet added the anti-debug tricks, obfuscation and encryption to their anti-virus code.

      It used to be surprisingly simple to "patch" AV code in memory in the '90s to avoid samples being scanned. Nowadays, generally speaking, it's a bit harder. With Windows Defender, a bit easier.

  3. Eclectic Man

    Google-owned

    I really must read things more carefully. When I saw "... Google-owned malware repository VirusTotal ..." I wondered what on Earth Google was doing owning malware, and isn't that illegal?

    1. Tomato42

      Re: Google-owned

      Owning malware shouldn't be illegal, just like having knives shouldn't be illegal.

      Using it is a whole different matter.

    2. Anonymous Coward

      Re: Google-owned

      As this article from a few days ago mentions:

      https://www.theregister.com/2021/10/22/russian_crims_lured_youtubers_with/

      there's plenty of malware available on github.


Biting the hand that feeds IT © 1998–2021