Add version detection for Cobalt Strike 4.9 and 4.10
yunzheng committed Oct 14, 2024
1 parent 9a8a68f commit 41fcb04
Showing 1 changed file with 8 additions and 0 deletions.
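--- a/dissect/cobaltstrike/version.py
+++ b/dissect/cobaltstrike/version.py
@@ -32,6 +32,8 @@
 70: "Cobalt Strike 4.3 (Mar 03, 2021)",
 73: "Cobalt Strike 4.5 (Dec 14, 2021)",
 74: "Cobalt Strike 4.7 (Aug 17, 2022)",
+76: "Cobalt Strike 4.9 (Sep 19, 2023)",
+78: "Cobalt Strike 4.10 (Jul 16, 2024)",
 }
 """ Max setting enum to Cobalt Strike version mapping """
 
@@ -77,6 +79,12 @@
 0x63EE0552: "Cobalt Strike 4.8 (Feb 28, 2023)",
 0x63EE056C: "Cobalt Strike 4.8 (Feb 28, 2023)",
 0x63EE0587: "Cobalt Strike 4.8 (Feb 28, 2023)",
+0x64F88C5E: "Cobalt Strike 4.9 (Sep 19, 2023)",
+0x64F88C9E: "Cobalt Strike 4.9 (Sep 19, 2023)",
+0x64F88CDE: "Cobalt Strike 4.9 (Sep 19, 2023)",
+0x6691500F: "Cobalt Strike 4.10 (Jul 16, 2024)",
+0x66915020: "Cobalt Strike 4.10 (Jul 16, 2024)",
+0x66915022: "Cobalt Strike 4.10 (Jul 16, 2024)",
 }
 """ PE export timestamp to Cobalt Strike version mapping """
 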
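Review bot: The six PE export timestamp keys added in the second hunk (`0x64F88C5E` through `0x66915022`) have no comment recording where each value was observed, so a transcription error or a missing variant cannot be spotted in review; a line per group such as `# 4.10: export timestamps taken from the release's beacon DLLs (note which variant each belongs to)` would make the table auditable. In the first hunk the max-setting keys go from 74 to 76 and 78 and the visible entries have none for 4.8, so this lookup presumably reports the earliest release that uses a given enum; if that is the intent, the docstring should say it, e.g. `""" Max setting enum to earliest known Cobalt Strike version mapping """`. Both dictionaries begin above the visible hunks, and the commit changes only this one file, so nothing here pins the new entries with a test.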
