{"id":42158,"date":"2021-08-05T14:05:26","date_gmt":"2021-08-05T14:05:26","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32535\/Critical-Cobalt-Strike-Bug-Leaves-Botnet-Servers-Vulnerable-To-Takedown.html"},"modified":"2021-08-05T14:05:26","modified_gmt":"2021-08-05T14:05:26","slug":"critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/","title":{"rendered":"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/08\/GettyImages_computer-error_CROPPED-800x494.jpeg\" alt=\"You did a bad bad thing.\"><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/08\/GettyImages_computer-error_CROPPED.jpeg\" class=\"enlarge-link\" data-height=\"613\" data-width=\"993\">Enlarge<\/a> <span class=\"sep\">\/<\/span> You did a bad bad thing.<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"><a title=\"10 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/gadgets\/2021\/08\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">10<\/span> <span class=\"visually-hidden\"> with 10 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p><!-- cache hit 1035:single\/related:8e5f016cf80bcea8afad75c648985aa7 --><!-- empty --><\/p>\n<p>Governments, vigilantes, and criminal hackers have a new way to disrupt botnets running the widely used attack software Cobalt Strike, courtesy of research published on Wednesday.<\/p>\n<p><a href=\"https:\/\/www.cobaltstrike.com\/\">Cobalt Strike<\/a> is a legitimate security tool used by penetration testers to emulate malicious activity in a network. Over the past few years, malicious hackers\u2014working on behalf of a nation-state or in search of profit\u2014have <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/cobalt-strike-favorite-tool-apt-crimeware\">increasingly embraced the software<\/a>. For both defender and attacker, Cobalt Strike provides a soup-to-nuts collection of software packages that allow infected computers and attacker servers to interact in highly customizable ways.<\/p>\n<p>The main components of the security tool are the Cobalt Strike client\u2014also known as a Beacon\u2014and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate. An attacker starts by spinning up a machine running Team Server that has been configured to use specific \u201cmalleability\u201d customizations, such as how often the client is to report to the server or specific data to periodically send.<\/p>\n<p>Then the attacker installs the client on a targeted machine after exploiting a vulnerability, tricking the user or gaining access by other means. From then on, the client will use those customizations to maintain persistent contact with the machine running the Team Server.<\/p>\n<p>The link connecting the client to the server is called the web server thread, which handles communication between the two machines. Chief among the communications are \u201ctasks\u201d servers send to instruct clients to run a command, get a process list, or do other things. The client then responds with a \u201creply.\u201d<\/p>\n<h2>Feeling the squeeze<\/h2>\n<p>Researchers at security firm SentinelOne recently found a critical bug in the Team Server that makes it easy to permanently knock the server offline. The bug works by sending a server fake replies that \u201csqueeze every bit of available memory from the C2\u2019s web server thread,\u201d SentinelOne researcher Gal Kristol wrote in a <a href=\"https:\/\/labs.sentinelone.com\/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations\/\">post<\/a>.<\/p>\n<p>Kristol went on to write:<\/p>\n<blockquote>\n<p>This would allow an attacker to cause memory exhaustion in the Cobalt Strike server (the \u201cTeamserver\u201d) making the server unresponsive until it\u2019s restarted. This means that live Beacons cannot communicate to their C2 until the operators restart the server.<\/p>\n<p>Restarting, however, won\u2019t be enough to defend against this vulnerability as it is possible to repeatedly target the server until it is patched or the Beacon\u2019s configuration is changed.<\/p>\n<p>Either of these will make the existing live Beacons obsolete as they\u2019ll be unable to communicate with the server until they\u2019re updated with the new configuration. Therefore, this vulnerability has the potential to severely interfere with ongoing operations.<\/p>\n<\/blockquote>\n<p>All that\u2019s needed to perform the attack is to know some of the server configurations. These settings are sometimes embedded in malware samples available from services such as VirusTotal. The configurations are also obtainable by anyone with physical access to an infected client.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<h2>Black hats, beware<\/h2>\n<p>To make the process easier, Sentinel One published a <a href=\"https:\/\/github.com\/Sentinel-One\/CobaltStrikeParser\">parser<\/a> that captures configurations obtained from malware samples, memory dumps, and sometimes the URLs that clients use to connect to servers. Once in possession of the settings, an attacker can use a communication module included with the parser to masquerade as a Cobalt Strike client that belongs to the server.<\/p>\n<p>In all, the tool has:<\/p>\n<ul>\n<li aria-level=\"1\">Parsing of a Beacon\u2019s embedded Malleable profile instructions<\/li>\n<li aria-level=\"1\">Parsing of a Beacon\u2019s configuration directly from an active C2 (like the popular&nbsp;<a href=\"https:\/\/github.com\/whickey-r7\/grab_beacon_config\/blob\/main\/grab_beacon_config.nse\" target=\"_blank\" rel=\"noopener noreferrer\">nmap script<\/a>)<\/li>\n<li aria-level=\"1\">Basic code for communicating with a C2 as a fake Beacon<\/li>\n<\/ul>\n<p>The fake client can then send the server replies, even when the server sent no corresponding task first. A bug, tracked as CVE-2021-36798, in the Team Server software prevents it from rejecting replies that contain malformed data. An example is the data accompanying a screenshot the client uploads to the server.<\/p>\n<p>\u201cBy manipulating the screenshot\u2019s size we can make the server allocate an arbitrary size of memory, the size of which is totally controllable by us,\u201d Kristol wrote. \u201cBy combining all the knowledge of Beacon communication flow with our configuration parser, we have all we need to fake a Beacon.\u201d<\/p>\n<p>While it\u2019s true that exploits can be used against white hat and black hat hackers alike, the latter category is likely to be most threatened by the vulnerability. That\u2019s because most professional security defenders pay for licenses to use Cobalt Strike, while many malicious hackers, by contrast, obtain pirated versions of the software.<\/p>\n<p>A patch made available by Cobalt Strike creator HelpSystems will take time before it\u2019s leaked to people pirating the software. It\u2019s available to license holders now.<\/p>\n<p><em>Listing image by <a href=\"https:\/\/www.gettyimages.com\/\">Getty Images<\/a><\/em><\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32535\/Critical-Cobalt-Strike-Bug-Leaves-Botnet-Servers-Vulnerable-To-Takedown.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42159,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9547],"class_list":["post-42158","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerbotnetflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-05T14:05:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"494\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown\",\"datePublished\":\"2021-08-05T14:05:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/\"},\"wordCount\":802,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg\",\"keywords\":[\"headline,hacker,botnet,flaw\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/\",\"name\":\"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg\",\"datePublished\":\"2021-08-05T14:05:26+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg\",\"width\":800,\"height\":494},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,botnet,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerbotnetflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/","og_locale":"en_US","og_type":"article","og_title":"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-08-05T14:05:26+00:00","og_image":[{"width":800,"height":494,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown","datePublished":"2021-08-05T14:05:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/"},"wordCount":802,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg","keywords":["headline,hacker,botnet,flaw"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/","url":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/","name":"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg","datePublished":"2021-08-05T14:05:26+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown.jpg","width":800,"height":494},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,botnet,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerbotnetflaw\/"},{"@type":"ListItem","position":3,"name":"Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42158"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42158\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42159"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}