We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
TrojanDownloader:PowerShell/CobaltStrike
Aliases: No associated aliases
Summary
This is a detection for the PowerShell script responsible for downloading the Cobalt Strike loader from an .onion website or other intended malicious URL.
Cobalt Strike is a commercially available penetration testing tool used for adversary simulation. It’s also known for being used by threat actors in various campaigns and found in many pre-ransomware incidents.
Read the following blogs for details:
Users can take the following steps to mitigate the threat:
- Change credentials for compromised accounts
- Look into the compromised accounts for any malware content or activity.
- Disconnect it from the local area network (LAN) or other networks.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
