cbondeson (posted September 19, 2022): My company's SECOPS team was notified of a potential Cobalt Strike alert. Cobalt Strike is associated with ransomware and may be an indicator of compromise. VPN and network accounts for user have been disabled until further investigation is possible. I disabled Kamo and this alert was removed.
Guest MeganCCleaner (posted September 21, 2022): Hi @cbondeson Thanks for bringing this to our attention. We strongly believe this refers to a false positive but in any case, our product team is eager to investigate why this had happened. Can you please tell me what intrusion software made the detection and if possible, would you be able to attach logs from the intrusion software?
cbondeson (posted September 21, 2022): I have requested the details of the event. I don't know if the security team will consider that a violation of their standards. I will keep you apprised of any decision.
Guest MeganCCleaner (posted September 21, 2022): That's completely understandable, and thanks for letting me know. As an additional request, if you could inform us of what Windows OS this alert appeared on and if applicable, the OS build & version number as well. Please also let me know if you would prefer to continue via email as I'll gladly contact you using the email address registered to your forums account. My email would be sent from support@ccleaner.com.
cbondeson (posted September 21, 2022): The security team, as I suspected, will not divulge this information. They have been the point of many attacks and don't want to let out any secrets.
cbondeson (posted September 22, 2022): I am running Windows 10, OS Build 19044.2006, Windows Feature Experience Pack 120.2212.4180.0.
Guest MeganCCleaner (posted September 23, 2022): Hi @cbondeson I understand, although our security team here did say they most certainly would not betray your trust and in any case, thanks for providing information about your system. Rather than providing logs, would it be possible to tell us what security software had made the detection?