ET Threatview.io High Confidence Cobalt Strike C2 IP group 3

SID: 2527002Rev: 1621415 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedMay 29, 2026

Classificationmisc-attack

alert ip [45.204.216.24,43.163.112.217,43.153.222.28,43.143.229.126,43.138.0.179,43.138.0.179,39.105.160.175,39.104.78.25,38.38.250.99,211.184.175.246,20.74.209.192,196.251.83.89,196.251.69.253,195.178.110.135,193.112.84.248,192.253.227.88,182.92.239.94,182.254.155.23,182.16.98.83,179.43.186.223,178.16.55.53,167.88.168.76,165.154.244.73,156.227.233.153,156.225.20.77,154.92.15.229,152.32.202.240,150.158.170.241,150.158.119.242,140.143.194.253,129.28.85.210,124.223.114.203,124.222.218.20,124.221.255.78,123.56.78.220,119.42.148.186,119.29.231.118,118.25.91.151,118.25.148.25,117.72.184.172,117.72.181.104,107.149.192.54,106.54.61.188,106.12.111.209,103.171.35.66,103.171.35.26,103.149.93.146,103.125.248.109,101.35.109.246,101.34.205.214] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 3"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527002; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2026_05_29

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!