ET Threatview.io High Confidence Cobalt Strike C2 IP group 19

SID: 2527018Rev: 1621183 views
History
Sourceet/open
CreatedDecember 9, 2021
UpdatedMay 29, 2026
Classificationmisc-attack
alert ip [193.29.104.147,137.184.158.59,139.60.161.68,139.60.161.32,84.32.188.245,143.198.110.248,165.227.23.218,138.68.227.71,68.183.200.63,45.55.36.143,165.227.219.211,161.35.137.163,165.232.154.73,159.65.246.188,192.241.133.130,64.227.0.177,178.128.171.206,91.210.105.71,5.199.173.75,144.202.49.189,161.35.101.70,107.189.12.133,170.39.214.187,23.227.198.246,194.37.97.153,139.60.161.69,109.71.254.101,139.60.160.8,139.60.160.9,84.32.190.70,139.60.161.208,80.78.22.156,18.252.188.253,139.60.161.236,5.255.102.224,139.60.160.11,23.227.178.59,185.8.105.112,146.70.87.190,185.8.105.103,16.163.143.141,147.182.174.77,139.60.161.161,139.60.161.225,139.60.161.75,139.60.160.51,139.60.161.53,45.142.122.170,143.198.131.210,139.60.160.210] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 19"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527018; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

urlthreatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny
attack targetAny
deploymentPerimeter
tagThreatview_CS
signature severityMajor
created at2021_12_09
updated at2026_05_29

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!