ET Threatview.io High Confidence Cobalt Strike C2 IP group 5

SID: 2527004Rev: 1621400 views
History
Sourceet/open
CreatedDecember 9, 2021
UpdatedMay 29, 2026
Classificationmisc-attack
alert ip [172.245.215.43,165.154.125.212,156.245.248.173,156.233.233.134,154.201.91.224,154.201.74.112,152.32.251.78,152.136.139.105,140.143.194.253,139.196.126.161,134.122.140.185,129.204.103.151,124.223.47.219,124.223.199.39,124.221.32.87,124.220.48.168,124.220.164.98,121.41.167.80,121.40.18.128,120.48.50.33,119.45.29.172,118.25.91.151,118.25.85.198,117.72.214.50,117.72.206.39,117.72.184.172,117.72.175.125,117.72.102.110,116.62.226.163,116.198.233.179,115.190.178.249,114.132.150.96,110.40.176.194,106.75.224.31,106.75.224.31,106.75.215.96,106.52.208.143,106.13.137.229,103.73.66.43,101.43.91.156,101.43.2.116,101.133.148.66,1.15.25.148,1.15.25.148,185.208.159.156,162.251.94.192,147.45.178.94,185.143.223.43,91.238.181.235,119.82.97.10] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 5"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527004; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

urlthreatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny
attack targetAny
deploymentPerimeter
tagThreatview_CS
signature severityMajor
created at2021_12_09
updated at2026_05_29

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!