ET Threatview.io High Confidence Cobalt Strike C2 IP group 1

SID: 2527000Rev: 1621395 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedMay 29, 2026

Classificationmisc-attack

alert ip [106.12.219.245,106.13.29.104,106.38.201.95,106.75.162.108,106.75.215.96,106.75.224.31,107.149.192.54,107.150.105.91,111.228.55.96,111.92.243.40,113.44.67.52,115.120.245.134,115.190.160.206,115.190.161.178,115.190.233.79,116.198.233.179,117.72.102.110,117.72.178.246,117.72.178.246,117.72.181.104,117.72.242.9,120.48.168.57,121.40.18.128,122.51.93.94,134.122.140.185,139.196.223.82,139.196.41.201,139.224.16.185,14.103.175.50,150.187.25.242,152.32.202.240,152.32.251.78,154.201.74.112,154.201.74.112,154.201.74.112,179.43.186.214,180.76.141.175,192.140.176.79,36.140.162.173,38.49.57.15,39.104.78.25,39.105.165.37,39.98.48.153,45.115.236.152,47.101.152.28,47.105.36.109,47.107.136.106,47.109.145.121,47.109.198.8,47.109.48.57] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 1"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527000; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2026_05_29

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!