ET Threatview.io High Confidence Cobalt Strike C2 IP group 4

SID: 2527003Rev: 1621380 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedMay 29, 2026

Classificationmisc-attack

alert ip [101.32.109.112,1.15.174.189,103.73.66.43,222.255.214.236,83.229.126.65,83.229.126.65,81.71.159.99,81.70.255.195,81.69.98.230,8.210.78.137,8.153.205.30,8.140.239.162,8.140.239.162,61.166.154.109,60.204.169.16,59.110.7.32,49.235.177.231,47.93.28.103,47.90.142.15,47.243.175.24,47.239.188.48,47.122.30.177,47.122.1.243,47.121.137.8,47.120.70.161,47.116.208.81,47.113.186.138,47.111.146.110,47.111.146.110,47.110.67.64,47.109.145.121,47.107.136.106,47.100.168.4,45.58.56.34,45.115.236.152,43.153.222.28,43.139.169.60,43.139.146.100,43.133.41.106,42.192.49.72,39.107.85.83,39.106.144.162,39.105.165.37,38.190.224.63,222.255.214.236,192.252.187.60,182.16.98.84,182.16.98.83,178.16.55.53,178.16.52.194] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 4"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527003; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2026_05_29

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!