Back to Rule

Rule History

SID: 2527021 • Source: et/open

Versions (79)

Rev: 1621
May 29, 2026, 8:35 PM
Current
Rev: 1620
May 28, 2026, 9:09 PM
Archived
Rev: 1619
May 27, 2026, 9:21 PM
Archived
Rev: 1618
May 26, 2026, 8:12 PM
Archived
Rev: 1614
May 22, 2026, 8:34 PM
Archived
Rev: 1613
May 21, 2026, 9:34 PM
Archived
Rev: 1612
May 20, 2026, 8:35 PM
Archived
Rev: 1611
May 19, 2026, 8:34 PM
Archived
Rev: 1610
May 18, 2026, 9:34 PM
Archived
Rev: 1607
May 15, 2026, 8:34 PM
Archived
Rev: 1606
May 14, 2026, 10:34 PM
Archived
Rev: 1605
May 13, 2026, 9:35 PM
Archived
Rev: 1604
May 12, 2026, 9:34 PM
Archived
Rev: 1603
May 11, 2026, 9:35 PM
Archived
Rev: 1600
May 8, 2026, 9:35 PM
Archived
Rev: 1599
May 7, 2026, 8:34 PM
Archived
Rev: 1598
May 6, 2026, 9:34 PM
Archived
Rev: 1597
May 5, 2026, 9:34 PM
Archived
Rev: 1596
May 4, 2026, 8:35 PM
Archived
Rev: 1593
May 1, 2026, 8:34 PM
Archived
Rev: 1592
Apr 30, 2026, 9:34 PM
Archived
Rev: 1591
Apr 29, 2026, 9:34 PM
Archived
Rev: 1590
Apr 28, 2026, 8:35 PM
Archived
Rev: 1589
Apr 27, 2026, 10:34 PM
Archived
Rev: 1586
Apr 24, 2026, 8:35 PM
Archived
Rev: 1585
Apr 23, 2026, 9:34 PM
Archived
Rev: 1584
Apr 22, 2026, 9:34 PM
Archived
Rev: 1583
Apr 21, 2026, 9:34 PM
Archived
Rev: 1582
Apr 20, 2026, 9:34 PM
Archived
Rev: 1579
Apr 17, 2026, 9:34 PM
Archived
Rev: 1578
Apr 16, 2026, 9:34 PM
Archived
Rev: 1577
Apr 15, 2026, 9:34 PM
Archived
Rev: 1576
Apr 14, 2026, 9:34 PM
Archived
Rev: 1575
Apr 13, 2026, 9:34 PM
Archived
Rev: 1572
Apr 10, 2026, 6:35 PM
Archived
Rev: 1571
Apr 9, 2026, 9:35 PM
Archived
Rev: 1570
Apr 8, 2026, 9:34 PM
Archived
Rev: 1569
Apr 7, 2026, 8:34 PM
Archived
Rev: 1568
Apr 6, 2026, 9:34 PM
Archived
Rev: 1567
Apr 2, 2026, 9:34 PM
Archived
Rev: 1566
Apr 1, 2026, 9:34 PM
Archived
Rev: 1565
Mar 31, 2026, 9:35 PM
Archived
Rev: 1564
Mar 30, 2026, 9:34 PM
Archived
Rev: 1561
Mar 27, 2026, 8:34 PM
Archived
Rev: 1560
Mar 26, 2026, 8:34 PM
Archived
Rev: 1559
Mar 25, 2026, 8:34 PM
Archived
Rev: 1558
Mar 24, 2026, 9:34 PM
Archived
Rev: 1557
Mar 23, 2026, 9:34 PM
Archived
Rev: 1554
Mar 20, 2026, 9:34 PM
Archived
Rev: 1553
Mar 19, 2026, 9:34 PM
Archived
Rev: 1552
Mar 18, 2026, 8:34 PM
Archived
Rev: 1551
Mar 17, 2026, 9:34 PM
Archived
Rev: 1550
Mar 16, 2026, 9:34 PM
Archived
Rev: 1548
Mar 15, 2026, 2:34 AM
Archived
Rev: 1547
Mar 13, 2026, 8:34 PM
Archived
Rev: 1546
Mar 12, 2026, 8:34 PM
Archived
Rev: 1545
Mar 11, 2026, 9:34 PM
Archived
Rev: 1544
Mar 10, 2026, 8:34 PM
Archived
Rev: 1543
Mar 9, 2026, 8:34 PM
Archived
Rev: 1540
Mar 6, 2026, 10:34 PM
Archived
Rev: 1539
Mar 5, 2026, 11:34 PM
Archived
Rev: 1538
Mar 4, 2026, 9:34 PM
Archived
Rev: 1537
Mar 3, 2026, 10:34 PM
Archived
Rev: 1536
Mar 2, 2026, 10:34 PM
Archived
Rev: 1533
Feb 27, 2026, 9:34 PM
Archived
Rev: 1532
Feb 26, 2026, 9:34 PM
Archived
Rev: 1531
Feb 25, 2026, 10:34 PM
Archived
Rev: 1530
Feb 24, 2026, 4:34 PM
Archived
Rev: 1529
Feb 23, 2026, 10:34 PM
Archived
Rev: 1526
Feb 20, 2026, 10:34 PM
Archived
Rev: 1525
Feb 19, 2026, 10:34 PM
Archived
Rev: 1524
Feb 18, 2026, 10:34 PM
Archived
Rev: 1523
Feb 17, 2026, 10:34 PM
Archived
Rev: 1522
Feb 16, 2026, 10:35 PM
Archived
Rev: 1519
Feb 13, 2026, 10:34 PM
Archived
Rev: 1518
Feb 12, 2026, 10:34 PM
Archived
Rev: 1517
Feb 11, 2026, 10:34 PM
Archived
Rev: 1516
Feb 10, 2026, 11:34 PM
Archived
Rev: 1515
Feb 9, 2026, 10:34 PM
Archived

Version Details

Rev: 1516Dec 9, 2021, 12:00 PM

ET Threatview.io High Confidence Cobalt Strike C2 IP group 22

alert ip [165.227.85.160,167.99.197.196] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 22"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527021; rev:1516; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_02_10;)

Dec 9, 2021, 12:00 PM

Feb 10, 2026, 12:00 PM

Feb 9, 2026, 10:34 PM

Feb 10, 2026, 11:34 PM

Feb 11, 2026, 10:34 PM

rules/threatview_CS_c2.rules