Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
https://www.exploit-db.com/exploits/42711/
https://github.com/GitHubAssessments/CVE_Assessments_01_2020
https://us-cert.cisa.gov/ncas/alerts/aa21-200a
https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies
https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html
https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report
https://web.archive.org/web/20190508170630/https://www.riskiq.com/blog/labs/cobalt-strike/
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf