PULSE NAME
ThreatFox Hunt: Cobalt Strike IOCs - 2025-12-25
WHITE pduggusa 2025-12-25 Modified: 2026-01-24
5 IOCs, LOW VOLUME
Automated ThreatFox hunt for Cobalt Strike indicators. 35 IOCs collected via Pattern 49 intelligence streaming. MITRE ATT&CK: T1071.001, T1059.001, T1055, T1105, T1027. Reference: https://analytics.dugganusa.com
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Cobalt Strike
Indicators of Compromise (5)
TYPE | INDICATOR | DESCRIPTION | CREATED
hostname | beixn.dy-store.tech | Cobalt Strike botnet_cc - ThreatFox ID: 1685189 | 2025-12-25
domain | meetol.sbs | Cobalt Strike botnet_cc - ThreatFox ID: 1685267 | 2025-12-25
hostname | domaingroup.eu.cc | Cobalt Strike botnet_cc - ThreatFox ID: 1685855 | 2025-12-25
domain | helpremote.cc | Cobalt Strike botnet_cc - ThreatFox ID: 1685856 | 2025-12-25
hostname | spectra.uaenorth.cloudapp.azure.com | Cobalt Strike botnet_cc - ThreatFox ID: 1685925 | 2025-12-25