The source code for the widely used Cobalt Strike toolkit is said to have been leaked online in a repository on GitHub.
Cobalt Strike is a penetration testing toolkit that allows intruders to deploy "beacons" on compromised devices to remotely create shells, run PowerShell scripts, or escalate privileges on the attacked system.
Twelve days ago, a repository was created on GitHub containing the source code for Cobalt Strike 4.0.
Based on the "src/main/resources/about.html" file, this source code is for Cobalt Strike 4.0, which was released on December 5, 2019.
As can be seen from the source code, the Cobalt Strike license check has been "changed", which obviously "cracks" the program.
Vitali Kremez, who reviewed the source code, told BleepingComputer that he believes the Java code was manually "disassembled". The person then fixed any dependencies and removed the license check so that it could be rebuilt.
Since its publication, the repository with the source code has been forked 172 times.
Although it is not the original source code, it is enough to cause concern among security professionals.
"The fact that the source code of the '2019' version of Cobalt Strike 4.0 was probably 'reconstructed' has significant consequences, as it removes the barriers to entry for acquiring the tool and actually makes it easier for hacking groups to procure and modify the code as required during their actions."
"Tool leaks open the door to additional tool upgrades, as with most malware tool leaks, such as Zeus 18.104.22.168 and TinyNuke, which were constantly reused and updated by hackers after the leak," Kremez told BleepingComputer.
BleepingComputer contacted Cobalt Strike and its parent company Help Systems to confirm the authenticity of the source code, but has not yet received any response.