During an incident response, looking for malware is often akin to looking for a needle in a haystack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like. And time is not on your side.
Cobalt Strike is essentially a tool for red teaming, an attack simulation that closely mirrors the processes of a real attack. The responsible departments within a company that has commissioned the simulation are informed and the use of the tool is authorized. However, since various versions of this tool have fallen into the hands of criminals, Cobalt Strike is also often used by them for real attacks.