PULSE NAME
ThreatFox Hunt: Cobalt Strike IOCs - 2026-01-23
WHITE pduggusa 2026-01-23 Modified: 2026-02-22
8 IOCs (LOW VOLUME)
Automated ThreatFox hunt for Cobalt Strike indicators. 41 IOCs collected via Pattern 49 intelligence streaming. MITRE ATT&CK: T1071.001, T1059.001, T1055, T1105, T1027. Reference: https://analytics.dugganusa.com
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike
Indicators of Compromise (8)