ET Threatview.io High Confidence Cobalt Strike C2 IP group 15

SID: 2527014Rev: 1621381 views
History
Sourceet/open
CreatedDecember 9, 2021
UpdatedMay 29, 2026
Classificationmisc-attack
alert ip [139.60.161.60,84.32.188.170,18.163.195.225,195.58.49.68,139.60.161.83,172.93.193.34,23.227.204.126,139.60.160.13,146.59.92.102,3.12.164.219,185.62.57.9,190.123.44.228,139.60.160.23,139.60.161.45,139.60.160.21,5.199.174.219,146.70.106.79,84.32.190.1,146.70.87.247,139.60.161.45,146.70.125.72,139.60.160.48,139.60.160.51,146.70.93.122,139.60.161.214,185.217.1.23,139.60.160.12,190.123.44.220,139.60.160.8,143.198.27.227,84.32.188.157,20.187.187.128,84.32.188.60,159.223.175.206,139.60.161.63,139.60.160.53,84.32.188.60,139.60.161.83,146.70.44.210,139.60.161.74,139.60.161.53,190.123.44.126,139.60.161.68,192.161.48.14,139.60.161.24,46.21.153.153,46.21.153.159,139.60.161.167,139.60.161.165,139.60.161.163] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 15"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527014; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

urlthreatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny
attack targetAny
deploymentPerimeter
tagThreatview_CS
signature severityMajor
created at2021_12_09
updated at2026_05_29

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!