ET Threatview.io High Confidence Cobalt Strike C2 IP group 6

SID: 2527005Rev: 1621323 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedMay 29, 2026

Classificationmisc-attack

alert ip [89.23.108.208,119.82.97.10,119.82.97.10,45.142.36.64,107.148.1.188,1.15.248.225,101.201.54.74,101.43.32.212,106.54.209.36,111.229.187.212,111.230.12.238,111.92.243.236,113.31.105.33,113.31.106.106,114.55.133.151,117.72.8.192,118.31.116.9,119.28.83.149,119.91.208.190,121.43.55.149,123.58.198.236,124.223.41.181,124.71.106.234,134.122.130.181,134.122.130.186,139.155.148.131,139.159.203.44,139.9.62.19,165.227.108.186,185.196.10.121,185.196.8.18,194.165.16.55,20.56.70.245,43.136.38.59,47.100.87.177,47.105.69.34,47.108.180.121,47.109.69.135,47.92.127.53,62.204.41.11,62.234.27.204,64.7.198.58,77.242.250.36,8.134.11.7,8.210.9.201,8.212.49.116,80.66.75.9,91.238.181.235,162.33.177.167,45.92.158.20] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 6"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527005; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2026_05_29

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!