
The Complete Guide to Hunting Cobalt Strike - Part 2: 10+ HuntSQL Recipes to Find Cobalt Strike

ID: 5ddd49f8-ff59-5ac6-9b99-734d78aaab73

STIX ID: report--5ddd49f8-ff59-5ac6-9b99-734d78aaab73

Feed Name: Hunt.io Blog

Threat Score: 75/100

Date Published: 2026-02-16

Date Updated: 2026-04-28


This Hunt.io guide presents 10+ HuntSQL™ recipes to detect, cluster, and track Cobalt Strike C2 infrastructure. It explains the enriched malware dataset fields (watermark, public_key, submit_uri, user_agent, sleeptime, spawn targets), provides concrete queries with example results (including statistics on ports, ASNs, and watermark prevalence), and demonstrates a profile-based hunt tied to a Lazarus-style Cobalt Strike configuration, helping threat hunters map and prioritize active Cobalt Strike activity.
