douglasmun

Cobalt Strike C2 Servers Hunting

Nov 14th, 2021 (edited)
Leveraging Open Source Cyber Threat Intelligence feeds & scan results to hunt for Cobalt Strike C2 Servers:

C2IntelFeedsBot @drb_ra
https://twitter.com/drb_ra

cobaltstrikebot @cobaltstrikebot
https://twitter.com/cobaltstrikebot

MalwareBazaar Database tagged with Cobalt Strike
https://bazaar.abuse.ch/browse/tag/Cobalt%20Strike/

IronNet Threat Research @IronNetTR
https://github.com/IronNetCybersecurity/IronNetTR/tree/main/cobalt_strike

Alien Vault CobaltStrike IoCs
https://otx.alienvault.com/pulse/6033c1d8e87f4970f1dfdd59/

Shodan tagging #CobaltStrike Team Servers and parsing #Beacon configs
https://www.shodan.io/search?query=product%3A"Cobalt+Strike+Beacon"+country%3A"SG"

Quake 360 search for app: "Cobalt Strike团队服务器" AND country: "新加坡"
https://quake.360.cn/quake/#/searchResult?searchVal=app%3A%20%22Cobalt%20Strike%E5%9B%A2%E9%98%9F%E6%9C%8D%E5%8A%A1%E5%99%A8%22%20AND%20country%3A%20%22%E6%96%B0%E5%8A%A0%E5%9D%A1%22

ZoomEye "CobaltStrike Beacon configurations"
https://www.zoomeye.org/searchResult?q=%22CobaltStrike%20Beacon%20configurations%22%20%2Bcountry%3A%22SG%22

There are other paid sources such as: Recorded Future, BinaryEdge, Rapid7 Lab’s OpenData, GreyNoise, ReversingLabs, VirusTotal's Intelligence, Farsight DNS.

I will update this whenever I can find more good quality and free OSINT sources.

Cheers!
Douglas Mun