← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ThreatFox Hunt: Cobalt Strike IOCs - 2026-01-24
WHITE pduggusa 2026-01-24 Modified: 2026-02-23
4
IOCs
LOW VOLUME
Automated ThreatFox hunt for Cobalt Strike indicators. 38 IOCs collected via Pattern 49 intelligence streaming. MITRE ATT&CK: T1071.001, T1059.001, T1055, T1105, T1027. Reference: https://analytics.dugganusa.com
cobalt-strikethreatfoxautomated-huntpattern-49dugganusaapt29apt28fin7russia
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike
Indicators of Compromise (4)
All domain hostname
TYPEINDICATORDESCRIPTIONCREATED
domain flyingbbird.abc Cobalt Strike botnet_cc - ThreatFox ID: 1735555 2026-01-24
hostname skullcode.myddns.me Cobalt Strike botnet_cc - ThreatFox ID: 1735559 2026-01-24
hostname update.kernel-update.com Cobalt Strike botnet_cc - ThreatFox ID: 1736069 2026-01-24
hostname 1ljft17gwl.execute-api.ap-southeast-1.amazonaws.com Cobalt Strike botnet_cc - ThreatFox ID: 1736258 2026-01-24
References (2)
↗ https://analytics.dugganusa.com/api/v1/stix-feed/v2 ↗ https://threatfox.abuse.ch