IOC pivot
ioc · ipv4
185[.]141[.]63[.]120
RU · Russia
Conti
confidence · high
Cobalt Strike C2 server IP attributed to Conti operators in the leaked-playbook artifacts referenced in the March 2022 update to AA21-265A. Conti relied on Cobalt Strike alongside TrickBot for post-exploitation.
- family: Conti
- first seen: Sep 21, 2021
- publisher: CISA