ET Threatview.io High Confidence Cobalt Strike C2 IP group 9

SID: 2527008
Rev: 1487
Source: et/open
Created: December 9, 2021
Updated: January 12, 2026
Classification: misc-attack
alert ip [5.181.86.249,77.73.134.23,79.137.202.45,79.137.202.62,45.227.252.253,154.223.165.16,167.172.24.169,172.105.27.61,43.132.222.36,43.132.124.75,77.73.133.84,84.32.191.131,31.172.83.154,154.7.253.11,79.137.207.137,103.146.141.98,179.43.142.47,45.192.182.192,18.194.147.156,79.133.56.243,52.14.55.184,84.32.190.246,84.32.128.99,185.247.224.65,194.165.16.90,89.185.84.22,139.60.161.236,89.185.84.28,185.143.223.75,193.233.203.214,185.143.223.76,5.44.42.42,5.44.42.44,5.44.42.48,13.58.89.86,81.19.140.23,45.147.230.252,185.143.223.69,79.133.56.243,5.181.86.248,142.44.211.35,84.32.128.99,84.32.128.5,185.143.223.71,190.123.44.221,43.154.27.211,179.60.146.53,84.32.128.89,13.40.120.240,77.73.133.80] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 9"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527008; rev:1487; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_01_12;)

Metadata

affected product: Any
attack target: Any
deployment: Perimeter
tag: Threatview_CS
signature severity: Major
created at: 2021_12_09
updated at: 2026_01_12
