Rule 2527017 - et/open

ET Threatview.io High Confidence Cobalt Strike C2 IP group 18

SID: 2527017Rev: 144526 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedDecember 1, 2025

Classificationmisc-attack

alert ip [109.71.254.101,139.60.160.8,139.60.160.9,84.32.190.70,139.60.161.208,80.78.22.156,18.252.188.253,139.60.161.236,5.255.102.224,139.60.160.11,23.227.178.59,185.8.105.112,146.70.87.190,185.8.105.103,16.163.143.141,147.182.174.77,139.60.161.161,139.60.161.225,139.60.161.75,139.60.160.51,139.60.161.53,45.142.122.170,143.198.131.210,139.60.160.210,139.60.161.45,139.60.161.57,172.104.232.196,164.90.153.100,3.13.144.126,143.198.190.57,45.142.122.59,78.128.112.199,143.198.150.148,5.39.222.151,185.150.117.189,139.60.161.69,31.7.62.24,139.60.161.47,3.20.104.56,18.217.66.68,167.99.80.207,3.20.104.56,80.249.144.233,147.182.220.15,149.56.127.166,216.244.71.155,84.38.182.248,80.249.144.233,80.249.145.212,77.223.99.210] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 18"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527017; rev:1445; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2025_12_01;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2025_12_01

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!