ET Threatview.io High Confidence Cobalt Strike C2 IP group 7
Source: et/open
Created: December 9, 2021
Updated: May 29, 2026
Classification: misc-attack
alert ip [185.196.8.18,8.212.44.149,185.196.8.18,42.194.227.91,154.8.187.177,149.104.30.191,179.60.147.175,3.22.66.152,64.225.12.181,45.121.48.43,185.3.45.6,185.3.45.6,24.137.215.164,185.3.45.6,159.65.150.184,64.225.12.181,164.90.169.184,64.225.12.181,8.219.229.99,64.225.12.181,85.25.246.170,45.148.244.206,3.66.49.194,5.188.87.54,44.227.76.166,82.157.149.194,3.66.49.194,82.157.149.194,179.60.147.175,3.22.66.152,3.66.49.194,163.5.169.23,64.225.12.181,45.121.48.43,134.209.92.85,185.3.45.6,185.3.45.6,3.66.49.194,24.137.215.164,185.3.45.6,159.65.150.184,163.5.169.23,163.5.169.23,64.225.12.181,164.90.169.184,64.225.12.181,3.66.49.194,8.219.229.99,64.225.12.181,62.138.6.20] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 7"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527006; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)
Metadata
affected product: Any
attack target: Any
deployment: Perimeter
tag: Threatview_CS
signature severity: Major
created at: 2021_12_09
updated at: 2026_05_29