ET Threatview.io High Confidence Cobalt Strike C2 IP group 11
Source: et/open
Created: December 9, 2021
Updated: April 16, 2026
Classification: misc-attack
alert ip [89.185.84.22,139.60.161.236,89.185.84.28,185.143.223.75,193.233.203.214,185.143.223.76,5.44.42.42,5.44.42.44,5.44.42.48,13.58.89.86,81.19.140.23,45.147.230.252,185.143.223.69,79.133.56.243,5.181.86.248,142.44.211.35,84.32.128.99,84.32.128.5,185.143.223.71,190.123.44.221,43.154.27.211,179.60.146.53,84.32.128.89,13.40.120.240,77.73.133.80,5.44.42.17,194.165.16.83,139.60.161.164,5.44.42.14,5.44.42.45,5.44.42.49,160.20.147.57,179.43.162.24,64.44.135.106,23.29.115.190,64.44.102.127,149.255.35.160,68.233.238.123,104.156.59.221,23.227.198.227,23.227.198.239,3.138.96.16,179.60.146.16,23.81.246.200,23.19.227.177,64.44.98.231,23.81.246.209,45.153.242.82,23.83.133.97,77.73.134.10] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 11"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527010; rev:1578; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_04_16;)
Metadata
affected product: Any
attack target: Any
deployment: Perimeter
tag: Threatview_CS
signature severity: Major
created at: 2021_12_09
updated at: 2026_04_16