Rule 2527001 - et/open

ET Threatview.io High Confidence Cobalt Strike C2 IP group 2

SID: 2527001Rev: 1536259 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedMarch 2, 2026

Classificationmisc-attack

alert ip [47.120.46.230,47.120.70.161,47.121.137.8,47.121.29.60,47.93.28.103,59.110.28.230,60.205.139.210,72.146.31.117,72.146.31.117,72.146.31.117,72.146.31.117,8.137.114.210,8.137.149.67,8.137.149.67,8.137.149.67,8.138.167.123,8.138.222.215,8.147.128.54,8.152.99.85,8.153.205.30,8.153.97.202,8.159.146.72,8.219.76.168,83.229.123.61,83.229.126.183,46.3.112.104,154.92.15.229,175.24.155.13,110.242.69.30,94.74.164.177,87.251.67.85,82.156.156.160,8.155.0.238,8.152.99.85,8.148.194.157,8.147.128.54,8.138.222.215,8.138.167.123,8.137.114.210,8.130.80.145,8.130.26.216,68.64.176.42,47.98.134.252,47.121.135.201,47.116.208.81,47.113.186.138,47.110.67.64,47.109.48.57,47.105.36.109,45.58.56.34] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 2"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527001; rev:1536; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_03_02;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2026_03_02

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!