Full Report
2025-06-15 • Positive Technologies • Stanislav Pyzhov, Vladislav Lunin • win.cobalt_strike
Analysis Summary
The provided article description is extremely minimal and primarily serves as a title, author/organization citation, and links to external resources (Malpedia, Positive Technologies). It does **not** contain the necessary details (historical campaigns, TTPs, targeting, motivations, etc.) to populate the requested structured threat actor summary format comprehensively, beyond the primary actor names themselves.
Based *only* on the provided context, the summary will be heavily populated with "Information not available in the provided context."
---
# Threat Actor: Team46 / TaxOff
## Attribution & Identity
The actors discussed are designated **Team46** and **TaxOff**; the reporting organization, Positive Technologies, suggests they are "two sides of the same coin." Further attribution details (e.g., nation-state linkage) are not specified in the context.
## Activity Summary
The article focuses on the relationship between two entities, Team46 and TaxOff. Specific campaigns or operations are not detailed in this summary context.
## Tactics, Techniques & Procedures
- **Known Associated Malware:** The context links to information regarding **win.cobalt_strike**, suggesting its use by one or both entities.
- Specific TTP details are not available in the provided context.
## Targeting
- Sectors: Information not available in the provided context.
- Geography: Information not available in the provided context.
- Victims: Information not available in the provided context.
## Tools & Infrastructure
- Malware families used: win.cobalt_strike (implied association).
- Infrastructure (C2, domains, IPs): Information not available in the provided context.
## Implications
The analysis from Positive Technologies suggests an intrinsic link between Team46 and TaxOff, which may require defenders to correlate activity across these two perceived entities for effective tracking and mitigation.
## Mitigations
Specific mitigations related to Team46/TaxOff TTPs are not available in the provided context. (General Cobalt Strike detection and mitigation is advised based on tool association.)