Cobalt Strike IOC Feed

Cobalt Strike is an adversary simulation tool used by penetration testers and malicious adversaries alike. PrecisionSec provides a curated Cobalt Strike IOC Feed which is included in all intel subscriptions.

What is Cobalt Strike?

Cobalt Strike is a commercially available tool used by red teamers and penetration testers as an adversary simulation tool and post-exploitation framework. This tool is heavily used by malicious actors during active breaches. Detection of Cobalt Strike on a network is often an indicator that a ransomware deployment is imminent.

Cobalt Strike is primarily used by cybersecurity professionals to conduct ethical hacking exercises or red teaming engagements, in which they attempt to breach an organization’s defenses and identify vulnerabilities that could be exploited by real attackers. It can be used to test the security of network infrastructure, applications, and operating systems.

Cobalt Strike Operator Interface

Automated Cobalt Strike Alerts in Microsoft Sentinel

PrecisionSec actively tracks ongoing Cobalt Strike malware campaigns. Samples are tracked using hash values (md5, sha256) and network telemetry and config data are extracted and added to our outgoing intelligence.

The data feeds seamlessly integrate with most major security products including MISP and Microsoft Sentinel. All PrecisionSec threat intelligence products include Cobalt Strike C2 and distribution IOCs with a subscription.

 

Recent Cobalt Strike IOCs

Here are some recent Cobalt Strike IOCs from our threat feed. For live data updated every minute, including command & control (C2) data, please sign up for a free trial.

URL / IP / MD5 Date Added
http://kzhjcax2.yt.lcycdn.xyz/en_US/all.js 2024-12-22 00:06:09
http://27.106.99.36:80/iMBe 2024-12-21 22:08:16
http://test.googlahub.xyz:8880/load 2024-12-21 20:07:09
http://1.94.137.198:12000/__utm.gif 2024-12-21 20:05:58
1.94.137.198 2024-12-21 20:05:56
http://124.222.59.8:8009/dpixel 2024-12-21 16:06:06
124.222.59.8 2024-12-21 16:06:04
http://101.43.29.8/__utm.gif 2024-12-21 12:07:06
118.25.91.151 2024-12-21 12:05:18
66.42.58.170 2024-12-21 07:39:41

Ready to see all of our data?

If you’re ready to take a look at our full set of data, click below to start your 15-day Free Trial.