I thought I would post a video of how you could leverage Jupyter Notebooks with PANDAS to create a dataframe/csv of Cobalt Strike Nodes.
In the video, we are leveraging the Reveal(x) Cyber range and the ThreatFox API to get a list of High Confidence (level 100) Cobalt Strike IPs. As you are aware, getting persistence with something like Cobalt Strike is a common early stage of a Ransomware attack.
If you wanted to just schedule this to run as a Python cron job, you could have continuously updated Cobalt Strike IPs.
While we prefer FalconX, not everyone has budget for professionally curated Threat Intel. The ThreatFox API offers a nice complement to our research team's own curation of Threat Intel.
Thanks for watching!
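
The filtering step described above, as an added example that is not the notebook from the video: it keeps only `ip:port` indicators at confidence level 100, drops malformed and duplicate entries, and writes CSV. It assumes the ThreatFox JSON field names shown in the constructed sample, and it uses the standard-library `csv` module in place of pandas so it runs without dependencies (the returned row dicts can be passed straight to `pandas.DataFrame`).

```python
import csv
import io
import ipaddress
import json

# Constructed sample shaped like a ThreatFox JSON reply. Field names are assumed
# from the public API; every value is made up (documentation IP ranges).
SAMPLE_RESPONSE = json.dumps({"query_status": "ok", "data": [
    {"ioc": "192.0.2.10:443", "ioc_type": "ip:port", "confidence_level": 100,
     "malware_printable": "Cobalt Strike", "first_seen": "2024-01-01 00:00:00 UTC"},
    {"ioc": "198.51.100.7:8080", "ioc_type": "ip:port", "confidence_level": 75,
     "malware_printable": "Cobalt Strike", "first_seen": "2024-01-02 00:00:00 UTC"},
    {"ioc": "c2.example.test", "ioc_type": "domain", "confidence_level": 100,
     "malware_printable": "Cobalt Strike", "first_seen": "2024-01-03 00:00:00 UTC"},
    {"ioc": "203.0.113.5:50050", "ioc_type": "ip:port", "confidence_level": 100,
     "malware_printable": "Cobalt Strike", "first_seen": "2024-01-04 00:00:00 UTC"},
    {"ioc": "192.0.2.10:443", "ioc_type": "ip:port", "confidence_level": 100,
     "malware_printable": "Cobalt Strike", "first_seen": "2024-01-05 00:00:00 UTC"},
    {"ioc": "not-an-ip:80", "ioc_type": "ip:port", "confidence_level": 100,
     "malware_printable": "Cobalt Strike", "first_seen": "2024-01-06 00:00:00 UTC"},
]})
FIELDS = ["ip", "port", "malware", "confidence_level", "first_seen"]

def extract_c2_nodes(response_text, min_confidence=100):
    """Return one dict per unique ip:port IOC at or above min_confidence."""
    payload = json.loads(response_text)
    if payload.get("query_status") != "ok":
        raise ValueError(f"unexpected query_status: {payload.get('query_status')!r}")
    seen, rows = set(), []
    for entry in payload.get("data") or []:
        if entry.get("ioc_type") != "ip:port":
            continue  # domains, URLs and hashes do not belong in an IP list
        if int(entry.get("confidence_level") or 0) < min_confidence:
            continue
        host, _, port = str(entry.get("ioc", "")).rpartition(":")
        try:
            key = (str(ipaddress.ip_address(host)), int(port))
        except ValueError:
            continue  # malformed IOC: skip it instead of feeding junk downstream
        if key in seen:
            continue  # the same node is often reported more than once
        seen.add(key)
        rows.append({"ip": key[0], "port": key[1],
                     "malware": entry.get("malware_printable", ""),
                     "confidence_level": int(entry["confidence_level"]),
                     "first_seen": entry.get("first_seen", "")})
    return rows

def to_csv(rows):
    """Serialize the rows to CSV text with a fixed column order."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

For a scheduled run, replace `SAMPLE_RESPONSE` with the body returned by the API and write the `to_csv` output to a file that downstream tooling reads.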