ET Threatview.io High Confidence Cobalt Strike C2 IP group 21

SID: 2527020
Rev: 1621
Views: 136
Source: et/open
Created: December 9, 2021
Updated: May 29, 2026
Classification: misc-attack
alert ip [18.64.229.146,217.79.243.148,194.37.97.153,168.61.180.98,144.217.207.19,149.255.35.131,193.201.9.229,104.128.92.144,137.184.98.78,38.132.122.216,146.70.24.135,146.70.24.145,185.244.150.102,139.60.161.45,5.39.223.130,143.110.233.88,51.79.161.200,104.156.63.145,23.227.190.205,164.90.154.97,3.20.104.56,18.217.66.68,104.128.92.144,40.69.35.53,54.193.134.191,8.210.194.59,167.99.80.207,144.217.207.19,139.155.190.84,82.156.241.148,81.70.229.78,82.156.2.25,52.175.122.61,47.102.117.86,23.224.70.227,39.99.173.55,139.198.174.135,139.198.181.156,132.232.40.201,139.198.108.26,111.230.198.142,106.54.69.144,1.117.154.185,111.229.51.128,139.155.190.117,168.61.180.98,23.224.152.138,23.224.152.138,104.243.41.123,106.55.153.204] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 21"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527020; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

Metadata

affected product: Any
attack target: Any
deployment: Perimeter
tag: Threatview_CS
signature severity: Major
created at: 2021_12_09
updated at: 2026_05_29
