ET Threatview.io High Confidence Cobalt Strike C2 IP group 17

SID: 2527016
Rev: 1621
516 views
Source: et/open
Created: December 9, 2021
Updated: May 29, 2026
Classification: misc-attack
alert ip [84.32.188.130,84.32.188.190,47.95.207.79,116.62.185.223,45.12.1.25,107.173.89.148,45.12.1.26,185.186.143.111,45.8.158.25,137.184.42.85,13.55.118.253,18.117.254.165,101.32.204.81,149.255.35.131,84.32.188.104,115.29.171.175,45.12.1.24,37.72.172.110,47.90.202.152,81.68.225.136,139.60.160.8,192.227.155.185,23.224.70.227,43.129.7.189,77.83.36.54,23.224.152.139,146.70.29.233,82.156.241.148,107.172.219.129,120.26.240.21,175.41.21.29,101.34.182.130,121.37.255.60,134.209.92.85,152.136.178.142,62.113.255.12,165.227.180.6,138.68.110.227,139.198.183.44,47.243.22.29,193.29.13.216,1.14.76.111,111.230.196.200,107.173.89.148,137.184.42.85,84.32.188.130,45.12.1.24,18.117.254.165,47.95.207.79,149.255.35.131] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 17"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527016; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

Metadata

affected product: Any
attack target: Any
deployment: Perimeter
tag: Threatview_CS
signature severity: Major
created at: 2021_12_09
updated at: 2026_05_29
