Jump to content

Intrusion Software Detecting as Cobalt


cbondeson

Recommended Posts

My companies SECOPS team was notified of a potential Cobalt Strike alert . Cobalt Strike is associated with ransomware and may be a indicator of compromise. VPN and network accounts for user have been disabled until further investigation is possible.  I disabled Kamo and this alert was removed. 

Link to comment
Share on other sites

  • Admin

Hi @cbondeson Thanks for bringing this to our attention. We strongly believe this refers to a false positive but in any case, our product team is eager to investigate why this had happened. 

Can you please tell me what intrusion software made the detection and if possible, would you be able to attach logs from the intrusion software? 

Link to comment
Share on other sites

  • Admin

That's completely understandable, and thanks for letting me know. 

As an additional request, if you could inform us of what Windows OS this alert appeared on and if applicable, the OS build & version number as well.

Please also let me know if you would prefer to continue via email as I'll gladly contact you using the email address registered to your forums account.

My email would be sent from support@ccleaner.com. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.