Vermilion Strike YARA rules

Community Feature - @Arkbird_SOLG

Curated Intelligence's very own Malware Slayer™ - Arkbird_SOLG - recently published new YARA rules to help detect a new Linux re-implementation of Cobalt Strike, dubbed Vermilion Strike. Arkbird_SOLG has shared three YARA rules to detect this threat's components: the Vermilion Beacon, the ELF file, and Vermilion Stager.

Vermilion Strike is a fully undetected ELF variant of Cobalt Strike's Beacon. The malware was discovered by Intezer and was first uploaded to VirusTotal by a user in Malaysia. Intezer worked with McAfee's telemetry and uncovered that this Linux threat has been active in the wild since August, targeting telecom companies, government agencies, IT companies, financial institutions and advisory companies around the world.

Curated Intel Community Features are sourced using our Member Content channel on Discord. If you have recently produced a noteworthy piece of writing, a project, a podcast, an infographic or other CTI content, let us know!