ET Threatview.io High Confidence Cobalt Strike C2 IP group 9

SID: 2527008
Rev: 1621
346 views
Source: et/open
Created: December 9, 2021
Updated: May 29, 2026
Classification: misc-attack
alert ip [45.227.253.20,54.209.125.217,91.215.85.183,194.76.227.139,167.172.157.217,134.122.170.68,46.17.43.67,45.227.252.253,77.91.84.16,204.188.203.212,77.91.84.149,74.201.28.102,193.29.13.153,193.29.13.153,45.77.138.125,23.227.196.194,23.227.203.70,54.188.58.32,77.91.84.137,84.38.180.69,23.227.196.174,154.223.165.16,154.223.165.16,109.172.45.38,109.206.240.216,146.70.161.122,15.197.130.221,15.197.130.221,15.197.130.221,172.93.193.238,185.39.18.159,194.165.16.93,198.54.117.242,206.189.201.57,212.118.54.138,23.227.202.66,23.227.202.66,23.227.203.70,43.159.43.58,79.137.202.45,91.215.85.196,194.165.16.57,5.199.168.46,109.172.45.28,184.72.146.182,190.123.44.207,109.172.45.77,212.113.106.118,91.213.50.35,84.32.188.186] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 9"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527008; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

Metadata

affected product: Any
attack target: Any
deployment: Perimeter
tag: Threatview_CS
signature severity: Major
created at: 2021_12_09
updated at: 2026_05_29
