dmca/2021/10/2021-10-12-cobalt-strike.md
2021-10-14 22:22:54 +00:00

Before disabling any content in relation to this takedown notice, GitHub

To learn about when and why GitHub may process some notices this way, please visit our README.


Are you the copyright holder or authorized to act on the copyright owner's behalf?

Yes, I am authorized to act on the copyright owner's behalf.

Please describe the nature of your copyright ownership or authorization to act on the owner's behalf.

[private] for Cobalt Strike at HelpSystems LLC
HelpSystems owns the Cobalt Strike brand and all related intellectual property

Please provide a detailed description of the original copyrighted work that has allegedly been infringed. If possible, include a URL to where it is posted online.

Cobalt Strike software
This includes (in the main repo below as well as the ones listed under forks), decompiled source code (Java) and/or cobaltstrike.jar (which is the jar file that contains the compiled classes) and/or other Cobalt Strike artifacts (specifically cobaltstrike.auth which is used to license the product and samples are often shared online to help bypass licensing).

What files should be taken down? Please provide URLs for each file, or if the entire repository, the repository's URL.

https://github.com/yeshuibo/CobaltstrikeSource (the entire repo contains decompiled Java classes and the whole thing is infringing our copyright)

Have you searched for any forks of the allegedly infringing files or repositories? Each fork is a distinct repository and must be identified separately if you believe it is infringing and wish to have it taken down.

Note that while these are not all forks of the repository above, they are all separate repositories that contain either decompiled Cobalt Strike Java source code and/or cobaltstrike.jar and/or other Cobalt Strike artifacts. I'm including these here as instructed in the note above, rather than submitting multiple takedown notices:

The following repositories contain cracked copies of Cobalt Strike and/or decompiled Cobalt Strike Java code. In each case, the entire repository violates our copyright and needs to be taken down:
https://github.com/murray-sky/CobaltstrikeSource
https://github.com/murray-sky/uptmp
https://github.com/XRSec/Docker-CobaltStrike
https://github.com/b4sh1t1/Docker-CobaltStrike
https://github.com/bruto001/Docker-CobaltStrike
https://github.com/Conanjun/Docker-CobaltStrike
https://github.com/f1r4s/Docker-CobaltStrike
https://github.com/secau-perth/Docker-CobaltStrike
https://github.com/UCASZ/Docker-CobaltStrike
https://github.com/Young28Dos/CobaltStrike
https://github.com/Ondrik8/CobaltStrike-1
https://github.com/0ps/CobaltStrike-2
https://github.com/backlion/CobaltStrike-1
https://github.com/jermainlaforce/CobaltStrike-1
https://github.com/jywah/CobaltStrike
https://github.com/moonster77/CobaltStrike
https://github.com/cephurs/cobalt-strike-source-code-leak
https://github.com/5l1v3r1/cobalt-strike-source-code-leak
https://github.com/667-fluPE/cobalt-strike-source-code-leak
https://github.com/ActorExpose/cobalt-strike-source-code-leak
https://github.com/AHackerHub/cobalt-strike-source-code-leak
https://github.com/AnjaniGourisaria/cobalt-strike-source-code-leak
https://github.com/Anton19780301/cobalt-strike-source-code-leak
https://github.com/assessment-ux/cobalt-strike-source-code-leak
https://github.com/BettyNutz/cobalt-strike-source-code-leak
https://github.com/blackrabbit01/cobalt-strike-source-code-leak
https://github.com/caminante99/cobalt-strike-source-code-leak
https://github.com/cbk914/cobalt-strike-source-code-leak
https://github.com/celestialkey/cobalt-strike-source-code-leak
https://github.com/CrackerCat/cobalt-strike-source-code-leak
https://github.com/esk1llz/cobalt-strike-source-code-leak
https://github.com/firebitsbr/cobalt-strike-source-code-leak
https://github.com/Fosocles/cobalt-strike-source-code-leak
https://github.com/githubMerge/cobalt-strike-source-code-leak
https://github.com/Itsdaithi/cobalt-strike-source-code-leak
https://github.com/m0n0ph1/cobalt-strike-source-code-leak
https://github.com/nu1l1/cobalt-strike-source-code-leak
https://github.com/omnitheon/cobalt-strike-source-code-leak
https://github.com/Phuong39/cobalt-strike-source-code-leak
https://github.com/shiriskumar/cobalt-strike-source-code-leak
https://github.com/tehseensagar/cobalt-strike-source-code-leak
https://github.com/TWiZTeD22/cobalt-strike-source-code-leak
https://github.com/x1234xx/cobalt-strike-source-code-leak
https://github.com/matt-culbert/cobalt-strike-source-code-leak
https://github.com/prettyrecon/cobalt-strike-source-code-leak
https://github.com/jabriyel/cob
https://github.com/guoguogewangzi/hack_tools
https://github.com/incredibleindishell/cobalt-strike

As far as I can see (as it's in Chinese), the folder “%E5%B7%A5%E5%85%B7/cs4.2/cs4.2no” (the top folder in each repository, then “cs4.2/cs4.2no”) in the following repositories contains copyrighted material. Nothing else in the repository infringes our copyright and nothing else needs to be removed. As requested, for clarification, here is a list of all of the files in the “cs4.2no” folder that infringe our copyright and which need to be removed (note that, as mentioned, this is literally the entire contents of that folder):

.DS_Store, .cobaltstrike.beacon_keys, agscript, c2lint, cobaltstrike, cobaltstrike.auth, cobaltstrike.bat, cobaltstrike.jar, cobaltstrike.store, icon.jpg, license.pdf, peclone, readme.txt, teamserver, update, update.jar, third-party/README.winvnc.txt, third-party/winvnc.x64.dll, third-party/winvnc.x86.dll

All of the files above (the entire contents of the cs4.2no folder) need to be taken down. Nothing else in the rest of the repository needs to be removed. Just that folder and its contents.

https://github.com/xzblueidea/record
https://github.com/lhaizhu/record
https://github.com/maybefenng/record
https://github.com/ShawPandora/record
https://github.com/SHIXUANYUE/record
https://github.com/SOMEalong/record
https://github.com/SWXG00/record

The folders “client/opt/cobaltstrike” and “server/opt/cobaltstrike” in the following repositories contain copyrighted material. As requested, for clarification, here is a list of all of the files that infringe our copyright and which need to be removed:

server/opt/cobaltstrike/agscript, server/opt/cobaltstrike/c2lint, server/opt/cobaltstrike/cobaltstrike, server/opt/cobaltstrike/cobaltstrike.auth, server/opt/cobaltstrike/cobaltstrike.jar, server/opt/cobaltstrike/cobaltstrike.store, server/opt/cobaltstrike/peclone, server/opt/cobaltstrike/start.sh, server/opt/cobaltstrike/teamserver, client/opt/cobaltstrike/agscript, client/opt/cobaltstrike/c2lint, client/opt/cobaltstrike/cobaltstrike, client/opt/cobaltstrike/cobaltstrike.auth, client/opt/cobaltstrike/cobaltstrike.jar, client/opt/cobaltstrike/cobaltstrike.store, client/opt/cobaltstrike/peclone, client/opt/cobaltstrike/start.sh, client/opt/cobaltstrike/teamserver, client/opt/cobaltstrike/third-party/README.winvnc.txt, client/opt/cobaltstrike/third-party/winvnc.x64.dll, client/opt/cobaltstrike/third-party/winvnc.x86.dll, client/opt/cobaltstrike/third-party/winvnc.x86.dll.bak, client/opt/cobaltstrike/artifactkit/dist-pipe/artifact.cna, client/opt/cobaltstrike/artifactkit/src-common/bypass-peek.c, client/opt/cobaltstrike/artifactkit/src-common/bypass-pipe.c, client/opt/cobaltstrike/artifactkit/src-common/bypass-readfile.c, client/opt/cobaltstrike/artifactkit/src-common/bypass-template.c, client/opt/cobaltstrike/artifactkit/src-common/injector.c, client/opt/cobaltstrike/artifactkit/src-common/patch.c, client/opt/cobaltstrike/artifactkit/src-common/patch.h, client/opt/cobaltstrike/artifactkit/src-common/start_thread.c, client/opt/cobaltstrike/artifactkitsrc-main/dllmain.c, client/opt/cobaltstrike/artifactkitsrc-main/dllmain.def, client/opt/cobaltstrike/artifactkitsrc-main/icon.ico, client/opt/cobaltstrike/artifactkitsrc-main/main.c, client/opt/cobaltstrike/artifactkitsrc-main/svcmain.c

The rest of the repository in each case is unrelated to Cobalt Strike and does not need to be removed:
https://github.com/imperator6000/ukn0w
https://github.com/jimmwayans/ukn0w
https://github.com/JMMlw/ukn0w
https://github.com/Maxx3r/ukn0w
https://github.com/Mirddinhell/ukn0w
https://github.com/MMAAAXXXX/ukn0w
https://github.com/nf3xn/ukn0w
https://github.com/Phuong39/ukn0w
https://github.com/raystyle/ukn0w
https://github.com/TAI-REx/ukn0w
https://github.com/Und3rf10w/ukn0w
https://github.com/Wiskey-farketmez/ukn0w
https://github.com/f1r4s/ukn0w

This repository contains a copy of the product (CobaltStrike_4.1.zip) in the folder below that needs to be removed. The rest of the repository appears to be unrelated: 9b569ae296/back

These repositories contain Cobalt Strike licensing material (cobaltstrike.auth and authkey.pub) and a class used in the licensing process (AuthCrypto.class). They are obviously used to bypass licensing and the repositories need to be taken down:
https://github.com/badboycxcc/cobaltstrike4.3
https://github.com/lnaphade/cobaltstrike4.3

This repository contains Cobalt Strike licensing material (cobaltstrike.auth and authkey.pub) that are used to crack/bypass Cobalt Strike licensing. The rest of the repository doesn't appear to contain any other copyrighted material so just those files need taking down:
ef34c1bfa7/files

This repository contains a number of sensitive Cobalt Strike files, including licensing material, scripts used to bypass licensing in the main software, and other artifacts (the readme, for example!). The whole repository should be taken down:
https://github.com/andromeda-rt/boc

Is the work licensed under an open source license? If so, which open source license? Are the allegedly infringing files being used under the open source license, or are they in violation of the license?

The work is not licensed as open source. It is violating the terms of the commercial license.

What would be the best solution for the alleged infringement? Are there specific changes the other person can make other than removal? Can the repository be made private?

Complete removal of all repositories noted above, except for the repositories where I've referenced the specific files/folders that need to be removed.

Do you have the alleged infringer's contact information? If so, please provide it.

I do not have it.

I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.

I have taken fair use into consideration.

I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.

I have read and understand GitHub's Guide to Submitting a DMCA Takedown Notice.

So that we can get back to you, please provide either your telephone number or physical address.

I work from home and as such, don't want to provide personal details. Email would be preferable if possible. Work related contact information is as follows:

Address c/o:
HelpSystems
[private]
[private]
[private]
[private]
[private]
[private]

Please type your full legal name below to sign this request.

[private]