Using Jupyter, PANDAS and ThreatFox API to upload a list of Cobalt Strike Nodes

I thought I would post a video of how you could leverage Jupyter Notebooks with PANDAS to create a dataframe/csv of Cobalt Strike Nodes.

In the video, we are leveraging the Reveal(x) Cyber Range and the ThreatFox API to get a list of High Confidence (level 100) Cobalt Strike IPs. As you are aware, getting persistence with something like Cobalt Strike is a common early stage of a ransomware attack.

If you wanted to just schedule this to run as a Python cron job, you could have continuously updated Cobalt Strike IPs.

While we prefer FalconX, not everyone has budget for professionally curated Threat Intel. The ThreatFox API offers a nice complement to our research team’s own curation of Threat Intel.

Thanks for watching!

John Smith

Video Below:
Reveal(x) Cyber Range: ThreatFox API Integration (Cobalt Strike)

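The filtering step described in the post, as an added example that is not the notebook from the video: it keeps only confidence-100 Cobalt Strike `ip:port` entries from a ThreatFox-style response and writes them as CSV. The sample response is constructed (documentation-range addresses), the field names assume ThreatFox's IOC query response format, and the function names are hypothetical; the standard library is used so it runs anywhere, and the returned rows can be passed straight to `pandas.DataFrame`.

```python
import csv
import io
import ipaddress
import json

# Constructed sample shaped like a ThreatFox IOC query response (not real intel;
# addresses come from the RFC 5737 documentation ranges).
SAMPLE_RESPONSE = json.loads("""
{"query_status": "ok", "data": [
 {"ioc": "192.0.2.10:443", "ioc_type": "ip:port", "malware_printable": "Cobalt Strike",
  "confidence_level": 100, "first_seen": "2022-01-10 08:15:00 UTC"},
 {"ioc": "198.51.100.7:8080", "ioc_type": "ip:port", "malware_printable": "Cobalt Strike",
  "confidence_level": 75, "first_seen": "2022-01-10 09:00:00 UTC"},
 {"ioc": "203.0.113.5:80", "ioc_type": "ip:port", "malware_printable": "QakBot",
  "confidence_level": 100, "first_seen": "2022-01-10 09:30:00 UTC"},
 {"ioc": "c2.example.com", "ioc_type": "domain", "malware_printable": "Cobalt Strike",
  "confidence_level": 100, "first_seen": "2022-01-10 10:00:00 UTC"},
 {"ioc": "192.0.2.10:443", "ioc_type": "ip:port", "malware_printable": "Cobalt Strike",
  "confidence_level": 100, "first_seen": "2022-01-11 11:00:00 UTC"},
 {"ioc": "999.1.1.1:443", "ioc_type": "ip:port", "malware_printable": "Cobalt Strike",
  "confidence_level": 100, "first_seen": "2022-01-11 12:00:00 UTC"},
 {"ioc": "203.0.113.99:50050", "ioc_type": "ip:port", "malware_printable": "Cobalt Strike",
  "confidence_level": 100, "first_seen": "2022-01-12 07:45:00 UTC"}
]}
""")
FIELDS = ["ip", "port", "confidence", "first_seen"]

def extract_nodes(response, malware="Cobalt Strike", min_confidence=100):
    """Return de-duplicated, validated ip/port rows for one malware family."""
    if response.get("query_status") != "ok":
        raise ValueError("unexpected query_status: %r" % response.get("query_status"))
    nodes = {}
    for entry in response.get("data") or []:
        if entry.get("ioc_type") != "ip:port" or entry.get("malware_printable") != malware:
            continue
        confidence = int(entry.get("confidence_level") or 0)
        if confidence < min_confidence:
            continue
        host, _, port = str(entry.get("ioc", "")).rpartition(":")
        try:  # drop malformed values before they reach a watchlist
            key = (str(ipaddress.ip_address(host)), int(port))
        except ValueError:
            continue
        # first sighting wins; later duplicates are ignored
        nodes.setdefault(key, dict(zip(FIELDS, (*key, confidence, entry.get("first_seen")))))
    return list(nodes.values())

def to_csv(rows):
    """Serialize rows to CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

In a scheduled job, the constructed sample would be replaced by the parsed JSON body returned by the ThreatFox API.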