ET Threatview.io High Confidence Cobalt Strike C2 IP group 18

SID: 2527017Rev: 1621162 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedMay 29, 2026

Classificationmisc-attack

alert ip [47.90.202.152,13.55.118.253,139.60.160.8,101.32.204.81,23.224.152.138,115.29.171.175,77.83.36.54,193.112.148.243,82.156.241.148,120.26.240.21,134.209.92.85,165.227.180.6,175.41.16.98,121.37.255.60,101.34.182.130,152.136.178.142,193.29.13.216,47.243.22.29,139.198.183.44,81.71.77.164,139.155.190.213,47.243.22.29,81.71.77.164,139.155.190.222,146.70.44.155,185.112.83.65,89.45.4.99,51.254.159.98,18.253.112.0,84.32.190.33,3.237.99.150,3.13.126.118,139.60.161.85,139.60.161.225,139.60.160.8,176.58.98.206,84.32.188.93,139.60.160.50,139.60.160.53,139.60.161.216,139.60.160.52,84.32.188.29,5.39.221.57,78.128.112.199,23.227.203.40,143.198.131.210,18.117.254.165,194.5.212.192,139.60.161.84,139.60.161.57] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 18"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527017; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2026_05_29

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!