Update suricata/[X]BlackTech-suricata-20250112.txt
This commit is contained in:
66
suricata/[X]BlackTech-suricata-20250112.txt
Normal file
66
suricata/[X]BlackTech-suricata-20250112.txt
Normal file
@ -0,0 +1,66 @@
|
||||
[X] Updated
|
||||
|
||||
alert ip 59.124.71.29 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.124.71.29 (source) - APT Group: BlackTech"; sid:754179006; rev:1;)
|
||||
alert ip any any -> 59.124.71.29 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.124.71.29 (destination) - APT Group: BlackTech"; sid:754179007; rev:1;)
|
||||
alert ip 61.56.11.42 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.56.11.42 (source) - APT Group: BlackTech"; sid:7681016193; rev:1;)
|
||||
alert ip any any -> 61.56.11.42 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.56.11.42 (destination) - APT Group: BlackTech"; sid:7681016194; rev:1;)
|
||||
alert ip 210.242.211.175 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 210.242.211.175 (source) - APT Group: BlackTech"; sid:3725887954; rev:1;)
|
||||
alert ip any any -> 210.242.211.175 any (msg:"Suspicious BlackTech IP detected Leaving Network: 210.242.211.175 (destination) - APT Group: BlackTech"; sid:3725887955; rev:1;)
|
||||
alert ip 114.27.132.233 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 114.27.132.233 (source) - APT Group: BlackTech"; sid:709943673; rev:1;)
|
||||
alert ip any any -> 114.27.132.233 any (msg:"Suspicious BlackTech IP detected Leaving Network: 114.27.132.233 (destination) - APT Group: BlackTech"; sid:709943674; rev:1;)
|
||||
alert ip 122.117.107.178 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 122.117.107.178 (source) - APT Group: BlackTech"; sid:2924766347; rev:1;)
|
||||
alert ip any any -> 122.117.107.178 any (msg:"Suspicious BlackTech IP detected Leaving Network: 122.117.107.178 (destination) - APT Group: BlackTech"; sid:2924766348; rev:1;)
|
||||
alert ip 59.125.132.175 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.125.132.175 (source) - APT Group: BlackTech"; sid:1025446180; rev:1;)
|
||||
alert ip any any -> 59.125.132.175 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.125.132.175 (destination) - APT Group: BlackTech"; sid:1025446181; rev:1;)
|
||||
alert ip 211.23.191.4 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 211.23.191.4 (source) - APT Group: BlackTech"; sid:1096202446; rev:1;)
|
||||
alert ip any any -> 211.23.191.4 any (msg:"Suspicious BlackTech IP detected Leaving Network: 211.23.191.4 (destination) - APT Group: BlackTech"; sid:1096202447; rev:1;)
|
||||
alert ip 220.132.50.81 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.132.50.81 (source) - APT Group: BlackTech"; sid:380105595; rev:1;)
|
||||
alert ip any any -> 220.132.50.81 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.132.50.81 (destination) - APT Group: BlackTech"; sid:380105596; rev:1;)
|
||||
alert ip 61.222.32.205 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.222.32.205 (source) - APT Group: BlackTech"; sid:3491818927; rev:1;)
|
||||
alert ip any any -> 61.222.32.205 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.222.32.205 (destination) - APT Group: BlackTech"; sid:3491818928; rev:1;)
|
||||
alert ip 220.134.98.3 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.134.98.3 (source) - APT Group: BlackTech"; sid:2758518549; rev:1;)
|
||||
alert ip any any -> 220.134.98.3 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.134.98.3 (destination) - APT Group: BlackTech"; sid:2758518550; rev:1;)
|
||||
alert ip 1.170.118.233 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 1.170.118.233 (source) - APT Group: BlackTech"; sid:9801135185; rev:1;)
|
||||
alert ip any any -> 1.170.118.233 any (msg:"Suspicious BlackTech IP detected Leaving Network: 1.170.118.233 (destination) - APT Group: BlackTech"; sid:9801135186; rev:1;)
|
||||
alert ip 60.251.199.226 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 60.251.199.226 (source) - APT Group: BlackTech"; sid:9774568301; rev:1;)
|
||||
alert ip any any -> 60.251.199.226 any (msg:"Suspicious BlackTech IP detected Leaving Network: 60.251.199.226 (destination) - APT Group: BlackTech"; sid:9774568302; rev:1;)
|
||||
alert ip 123.110.131.86 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 123.110.131.86 (source) - APT Group: BlackTech"; sid:3997918156; rev:1;)
|
||||
alert ip any any -> 123.110.131.86 any (msg:"Suspicious BlackTech IP detected Leaving Network: 123.110.131.86 (destination) - APT Group: BlackTech"; sid:3997918157; rev:1;)
|
||||
alert ip 59.120.169.51 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.120.169.51 (source) - APT Group: BlackTech"; sid:216812622; rev:1;)
|
||||
alert ip any any -> 59.120.169.51 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.120.169.51 (destination) - APT Group: BlackTech"; sid:216812623; rev:1;)
|
||||
alert ip 220.133.73.13 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.133.73.13 (source) - APT Group: BlackTech"; sid:1823793281; rev:1;)
|
||||
alert ip any any -> 220.133.73.13 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.133.73.13 (destination) - APT Group: BlackTech"; sid:1823793282; rev:1;)
|
||||
alert ip 220.134.10.17 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.134.10.17 (source) - APT Group: BlackTech"; sid:4706859242; rev:1;)
|
||||
alert ip any any -> 220.134.10.17 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.134.10.17 (destination) - APT Group: BlackTech"; sid:4706859243; rev:1;)
|
||||
alert ip 60.249.208.167 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 60.249.208.167 (source) - APT Group: BlackTech"; sid:5130034148; rev:1;)
|
||||
alert ip any any -> 60.249.208.167 any (msg:"Suspicious BlackTech IP detected Leaving Network: 60.249.208.167 (destination) - APT Group: BlackTech"; sid:5130034149; rev:1;)
|
||||
alert ip 118.163.168.223 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 118.163.168.223 (source) - APT Group: BlackTech"; sid:370437273; rev:1;)
|
||||
alert ip any any -> 118.163.168.223 any (msg:"Suspicious BlackTech IP detected Leaving Network: 118.163.168.223 (destination) - APT Group: BlackTech"; sid:370437274; rev:1;)
|
||||
alert ip 111.249.102.102 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 111.249.102.102 (source) - APT Group: BlackTech"; sid:9108918494; rev:1;)
|
||||
alert ip any any -> 111.249.102.102 any (msg:"Suspicious BlackTech IP detected Leaving Network: 111.249.102.102 (destination) - APT Group: BlackTech"; sid:9108918495; rev:1;)
|
||||
alert ip 61.58.90.11 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.58.90.11 (source) - APT Group: BlackTech"; sid:3978267590; rev:1;)
|
||||
alert ip any any -> 61.58.90.11 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.58.90.11 (destination) - APT Group: BlackTech"; sid:3978267591; rev:1;)
|
||||
alert ip 125.227.225.181 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 125.227.225.181 (source) - APT Group: BlackTech"; sid:7005467689; rev:1;)
|
||||
alert ip any any -> 125.227.225.181 any (msg:"Suspicious BlackTech IP detected Leaving Network: 125.227.225.181 (destination) - APT Group: BlackTech"; sid:7005467690; rev:1;)
|
||||
alert ip 118.163.14.17 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 118.163.14.17 (source) - APT Group: BlackTech"; sid:2425784574; rev:1;)
|
||||
alert ip any any -> 118.163.14.17 any (msg:"Suspicious BlackTech IP detected Leaving Network: 118.163.14.17 (destination) - APT Group: BlackTech"; sid:2425784575; rev:1;)
|
||||
alert ip 122.147.248.69 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 122.147.248.69 (source) - APT Group: BlackTech"; sid:741663504; rev:1;)
|
||||
alert ip any any -> 122.147.248.69 any (msg:"Suspicious BlackTech IP detected Leaving Network: 122.147.248.69 (destination) - APT Group: BlackTech"; sid:741663505; rev:1;)
|
||||
alert ip 125.227.241.2 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 125.227.241.2 (source) - APT Group: BlackTech"; sid:3174873956; rev:1;)
|
||||
alert ip any any -> 125.227.241.2 any (msg:"Suspicious BlackTech IP detected Leaving Network: 125.227.241.2 (destination) - APT Group: BlackTech"; sid:3174873957; rev:1;)
|
||||
alert ip 114.39.59.244 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 114.39.59.244 (source) - APT Group: BlackTech"; sid:8569925249; rev:1;)
|
||||
alert ip any any -> 114.39.59.244 any (msg:"Suspicious BlackTech IP detected Leaving Network: 114.39.59.244 (destination) - APT Group: BlackTech"; sid:8569925250; rev:1;)
|
||||
alert ip 59.125.7.185 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.125.7.185 (source) - APT Group: BlackTech"; sid:1118471843; rev:1;)
|
||||
alert ip any any -> 59.125.7.185 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.125.7.185 (destination) - APT Group: BlackTech"; sid:1118471844; rev:1;)
|
||||
alert ip 61.219.96.18 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.219.96.18 (source) - APT Group: BlackTech"; sid:1486351566; rev:1;)
|
||||
alert ip any any -> 61.219.96.18 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.219.96.18 (destination) - APT Group: BlackTech"; sid:1486351567; rev:1;)
|
||||
alert ip 61.58.90.63 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.58.90.63 (source) - APT Group: BlackTech"; sid:576420246; rev:1;)
|
||||
alert ip any any -> 61.58.90.63 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.58.90.63 (destination) - APT Group: BlackTech"; sid:576420247; rev:1;)
|
||||
alert ip 210.67.101.84 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 210.67.101.84 (source) - APT Group: BlackTech"; sid:3472083329; rev:1;)
|
||||
alert ip any any -> 210.67.101.84 any (msg:"Suspicious BlackTech IP detected Leaving Network: 210.67.101.84 (destination) - APT Group: BlackTech"; sid:3472083330; rev:1;)
|
||||
alert ip 203.74.123.121 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 203.74.123.121 (source) - APT Group: BlackTech"; sid:3303612154; rev:1;)
|
||||
alert ip any any -> 203.74.123.121 any (msg:"Suspicious BlackTech IP detected Leaving Network: 203.74.123.121 (destination) - APT Group: BlackTech"; sid:3303612155; rev:1;)
|
||||
alert ip 18.163.14.17 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 18.163.14.17 (source) - APT Group: BlackTech"; sid:5957364886; rev:1;)
|
||||
alert ip any any -> 18.163.14.17 any (msg:"Suspicious BlackTech IP detected Leaving Network: 18.163.14.17 (destination) - APT Group: BlackTech"; sid:5957364887; rev:1;)
|
||||
alert ip 177.135.177.54 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 177.135.177.54 (source) - APT Group: BlackTech"; sid:4954509509; rev:1;)
|
||||
alert ip any any -> 177.135.177.54 any (msg:"Suspicious BlackTech IP detected Leaving Network: 177.135.177.54 (destination) - APT Group: BlackTech"; sid:4954509510; rev:1;)
|
||||
Reference in New Issue
Block a user