Full-Spectrum Cobalt Strike Detection [PDF]. Cobalt Strike’s wide functionality supports all phases of a network intrusion, from reconnaissance and initial access to credential dumping and d ata exfiltration. Even with its broad feature set, it is still common for threat actors to use Cobalt Strike in combination with other malware, like loaders, or to use Cobalt Strike to deliver ransomware. Cisco Talos reported that in the fourth quarter of 2020, 66% of all ransomware attacks involved Cobalt Strike.