SECURELIST
StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
HIGH SharkLoader Cobalt Strike Microsoft Exchange initial access exploitation
Strategic summary
A previously undocumented malware family (SharkLoader) is being deployed in a multinational campaign targeting government and diplomatic organizations to deliver Cobalt Strike Beacon; the threat actor leverages publicly available exploits against internet-facing applications such as Microsoft Exchange and SharePoint.
Relevance for you
A newly documented malware family (SharkLoader) is actively deployed to install Cobalt Strike on diplomatic and government systems worldwide; threat actors leverage publicly available PoC exploits against Microsoft Exchange and SharePoint, indicating opportunistic, broad-based campaign.
Risk score
Review required 12
- cvss base
- 0.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 15.00
- raw before weight
- 15.00
- industry weight
- 1.21
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
- consensus penalty
- -8.00
Path: operational
Consensus check
The pipeline self-checks before delivery. These rules lowered the score:
-
VENDOR_MISMATCHVendor not found in alert title −5 -
TTP_SKIPPEDTTP mapping skipped (placeholder or aggregation article) −3
- Consensus penalty:
- −8.0
- Total penalty:
- −8.0