Pulse name: ThreatFox Hunt: Cobalt Strike IOCs - 2026-02-05
WHITE pduggusa 2026-02-05 Modified: 2026-03-07
10 IOCs (LOW VOLUME)
Automated ThreatFox hunt for Cobalt Strike indicators. 55 IOCs collected via Pattern 49 intelligence streaming. MITRE ATT&CK: T1071.001, T1059.001, T1055, T1105, T1027. Reference: https://analytics.dugganusa.com
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Cobalt Strike
Indicators of Compromise (10)