ET Threatview.io High Confidence Cobalt Strike C2 IP group 12

SID: 2527011Rev: 1621405 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedMay 29, 2026

Classificationmisc-attack

alert ip [23.19.58.94,3.145.10.52,139.60.161.99,87.246.7.38,84.32.128.5,84.32.128.7,23.227.198.246,13.40.120.240,23.227.198.246,23.224.152.138,194.37.97.153,149.255.35.131,194.165.16.53,179.60.146.52,188.166.16.172,139.60.161.236,139.60.161.236,217.79.243.148,179.60.146.34,139.60.161.236,34.92.131.12,198.98.53.34,42.192.21.181,95.216.207.130,154.22.117.31,87.246.7.38,179.60.146.52,45.153.241.88,84.32.188.142,13.40.120.240,84.32.188.25,178.208.94.214,179.60.146.34,178.208.94.214,23.108.57.211,3.13.126.118,108.62.118.65,139.60.161.47,139.60.161.162,213.227.154.100,137.184.139.189,84.32.188.210,179.43.162.24,185.240.34.10,18.222.8.93,23.227.198.227,194.37.97.146,23.227.198.239,37.252.9.42,172.93.181.165] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 12"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527011; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2026_05_29

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!