ET Threatview.io High Confidence Cobalt Strike C2 IP group 8

SID: 2527007Rev: 1621317 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedMay 29, 2026

Classificationmisc-attack

alert ip [3.66.49.194,5.188.87.54,77.242.250.36,82.157.149.194,3.66.49.194,82.157.149.194,5.188.86.24,5.188.86.24,164.92.150.47,161.35.24.190,47.242.158.114,185.81.68.90,134.209.164.110,154.83.17.116,159.203.95.49,77.242.250.36,146.190.145.40,82.157.149.194,44.204.120.159,178.128.79.94,154.83.17.116,154.83.17.116,82.157.149.194,134.209.164.110,192.3.76.67,103.146.141.98,138.197.92.163,77.242.250.36,104.168.48.208,154.83.17.116,138.197.92.163,77.242.250.36,103.146.141.98,104.168.48.208,103.146.141.98,194.50.153.20,194.50.153.19,74.119.239.234,194.50.153.12,74.119.239.234,194.50.153.39,194.50.153.20,13.55.24.36,194.50.153.19,18.220.154.157,3.77.8.200,91.238.181.250,91.238.181.247,109.206.243.96,34.224.154.88] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 8"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527007; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2026_05_29

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!