- Leveraging Open Source Cyber Threat Intelligence feeds & scan results to hunt for Cobalt Strike C2 Servers:
- C2IntelFeedsBot @drb_ra
- https://twitter.com/drb_ra
- cobaltstrikebot @cobaltstrikebot
- https://twitter.com/cobaltstrikebot
- MalwareBazaar Database tagged with Cobalt Strike
- https://bazaar.abuse.ch/browse/tag/Cobalt%20Strike/
- IronNet Threat Research @IronNetTR
- https://github.com/IronNetCybersecurity/IronNetTR/tree/main/cobalt_strike
- AlienVault CobaltStrike IoCs
- https://otx.alienvault.com/pulse/6033c1d8e87f4970f1dfdd59/
- Shodan tagging #CobaltStrike Team Servers and parsing #Beacon configs
- https://www.shodan.io/search?query=product%3A"Cobalt+Strike+Beacon"+country%3A"SG"
- Quake 360 search for app: "Cobalt Strike团队服务器" AND country: "新加坡"
- https://quake.360.cn/quake/#/searchResult?searchVal=app%3A%20%22Cobalt%20Strike%E5%9B%A2%E9%98%9F%E6%9C%8D%E5%8A%A1%E5%99%A8%22%20AND%20country%3A%20%22%E6%96%B0%E5%8A%A0%E5%9D%A1%22
- ZoomEye "CobaltStrike Beacon configurations"
- https://www.zoomeye.org/searchResult?q=%22CobaltStrike%20Beacon%20configurations%22%20%2Bcountry%3A%22SG%22
- There are also paid sources, such as Recorded Future, BinaryEdge, Rapid7 Lab’s OpenData, GreyNoise, ReversingLabs, VirusTotal's Intelligence, and Farsight DNS.
- I will update this whenever I can find more good-quality, free OSINT sources.
- Cheers!
- Douglas Mun