The article analyzes the Secp0 ransomware, which emerged in early 2025 and operates as conventional double-extortion ransomware, encrypting data while threatening public disclosure, targeting Linux systems.

This second part will focus on the 'jump' command in Cobalt Strike, used to establish a connection from a compromised system to the command and control (C2) server.

Cobalt Strike Investigation - Part 1