Cobalt Strike IOC Feed
What is Cobalt Strike?
Cobalt Strike is a commercially available tool used by red teamers and penetration testers as an adversary simulation tool and post-exploitation framework. This tool is heavily used by malicious actors during active breaches. Detection of Cobalt Strike on a network is often an indicator that a ransomware deployment is imminent.
Cobalt Strike is primarily used by cybersecurity professionals to conduct ethical hacking exercises or red teaming engagements, in which they attempt to breach an organization’s defenses and identify vulnerabilities that could be exploited by real attackers. It can be used to test the security of network infrastructure, applications, and operating systems.
Automated Cobalt Strike Alerts in Microsoft Sentinel
PrecisionSec actively tracks ongoing Cobalt Strike malware campaigns. Samples are tracked using hash values (MD5, SHA256), and network telemetry and config data are extracted and added to our outgoing intelligence.
The data feeds integrate seamlessly with most major security products, including MISP and Microsoft Sentinel. All PrecisionSec threat intelligence products include Cobalt Strike C2 and distribution IOCs with a subscription.
Recent Cobalt Strike IOCs