junk/spl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upload files to "suricata"

Browse Source
This commit is contained in:
Matthew Iverson
2025-01-12 22:45:59 -05:00
parent ef02293a24
commit 825680b845
7 changed files with 106 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
suricata/Bifrost-suricata-20250112.txt Normal file
View File

@ -0,0 +1,2 @@
alert ip 107.191.61.247 any -> any any (msg:"Suspicious Bifrost IP detected Entering Network: 107.191.61.247 (source) - APT Group: BlackTech"; sid:7744721591; rev:1;)
alert ip any any -> 107.191.61.247 any (msg:"Suspicious Bifrost IP detected Leaving Network: 107.191.61.247 (destination) - APT Group: BlackTech"; sid:7744721592; rev:1;)

64
suricata/BlackTech-suricata-20250112.txt Normal file
View File

@ -0,0 +1,64 @@
alert ip 59.124.71.29 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.124.71.29 (source) - APT Group: BlackTech"; sid:754179006; rev:1;)
alert ip any any -> 59.124.71.29 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.124.71.29 (destination) - APT Group: BlackTech"; sid:754179007; rev:1;)
alert ip 61.56.11.42 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.56.11.42 (source) - APT Group: BlackTech"; sid:7681016193; rev:1;)
alert ip any any -> 61.56.11.42 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.56.11.42 (destination) - APT Group: BlackTech"; sid:7681016194; rev:1;)
alert ip 210.242.211.175 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 210.242.211.175 (source) - APT Group: BlackTech"; sid:3725887954; rev:1;)
alert ip any any -> 210.242.211.175 any (msg:"Suspicious BlackTech IP detected Leaving Network: 210.242.211.175 (destination) - APT Group: BlackTech"; sid:3725887955; rev:1;)
alert ip 114.27.132.233 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 114.27.132.233 (source) - APT Group: BlackTech"; sid:709943673; rev:1;)
alert ip any any -> 114.27.132.233 any (msg:"Suspicious BlackTech IP detected Leaving Network: 114.27.132.233 (destination) - APT Group: BlackTech"; sid:709943674; rev:1;)
alert ip 122.117.107.178 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 122.117.107.178 (source) - APT Group: BlackTech"; sid:2924766347; rev:1;)
alert ip any any -> 122.117.107.178 any (msg:"Suspicious BlackTech IP detected Leaving Network: 122.117.107.178 (destination) - APT Group: BlackTech"; sid:2924766348; rev:1;)
alert ip 59.125.132.175 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.125.132.175 (source) - APT Group: BlackTech"; sid:1025446180; rev:1;)
alert ip any any -> 59.125.132.175 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.125.132.175 (destination) - APT Group: BlackTech"; sid:1025446181; rev:1;)
alert ip 211.23.191.4 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 211.23.191.4 (source) - APT Group: BlackTech"; sid:1096202446; rev:1;)
alert ip any any -> 211.23.191.4 any (msg:"Suspicious BlackTech IP detected Leaving Network: 211.23.191.4 (destination) - APT Group: BlackTech"; sid:1096202447; rev:1;)
alert ip 220.132.50.81 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.132.50.81 (source) - APT Group: BlackTech"; sid:380105595; rev:1;)
alert ip any any -> 220.132.50.81 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.132.50.81 (destination) - APT Group: BlackTech"; sid:380105596; rev:1;)
alert ip 61.222.32.205 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.222.32.205 (source) - APT Group: BlackTech"; sid:3491818927; rev:1;)
alert ip any any -> 61.222.32.205 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.222.32.205 (destination) - APT Group: BlackTech"; sid:3491818928; rev:1;)
alert ip 220.134.98.3 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.134.98.3 (source) - APT Group: BlackTech"; sid:2758518549; rev:1;)
alert ip any any -> 220.134.98.3 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.134.98.3 (destination) - APT Group: BlackTech"; sid:2758518550; rev:1;)
alert ip 1.170.118.233 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 1.170.118.233 (source) - APT Group: BlackTech"; sid:9801135185; rev:1;)
alert ip any any -> 1.170.118.233 any (msg:"Suspicious BlackTech IP detected Leaving Network: 1.170.118.233 (destination) - APT Group: BlackTech"; sid:9801135186; rev:1;)
alert ip 60.251.199.226 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 60.251.199.226 (source) - APT Group: BlackTech"; sid:9774568301; rev:1;)
alert ip any any -> 60.251.199.226 any (msg:"Suspicious BlackTech IP detected Leaving Network: 60.251.199.226 (destination) - APT Group: BlackTech"; sid:9774568302; rev:1;)
alert ip 123.110.131.86 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 123.110.131.86 (source) - APT Group: BlackTech"; sid:3997918156; rev:1;)
alert ip any any -> 123.110.131.86 any (msg:"Suspicious BlackTech IP detected Leaving Network: 123.110.131.86 (destination) - APT Group: BlackTech"; sid:3997918157; rev:1;)
alert ip 59.120.169.51 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.120.169.51 (source) - APT Group: BlackTech"; sid:216812622; rev:1;)
alert ip any any -> 59.120.169.51 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.120.169.51 (destination) - APT Group: BlackTech"; sid:216812623; rev:1;)
alert ip 220.133.73.13 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.133.73.13 (source) - APT Group: BlackTech"; sid:1823793281; rev:1;)
alert ip any any -> 220.133.73.13 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.133.73.13 (destination) - APT Group: BlackTech"; sid:1823793282; rev:1;)
alert ip 220.134.10.17 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 220.134.10.17 (source) - APT Group: BlackTech"; sid:4706859242; rev:1;)
alert ip any any -> 220.134.10.17 any (msg:"Suspicious BlackTech IP detected Leaving Network: 220.134.10.17 (destination) - APT Group: BlackTech"; sid:4706859243; rev:1;)
alert ip 60.249.208.167 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 60.249.208.167 (source) - APT Group: BlackTech"; sid:5130034148; rev:1;)
alert ip any any -> 60.249.208.167 any (msg:"Suspicious BlackTech IP detected Leaving Network: 60.249.208.167 (destination) - APT Group: BlackTech"; sid:5130034149; rev:1;)
alert ip 118.163.168.223 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 118.163.168.223 (source) - APT Group: BlackTech"; sid:370437273; rev:1;)
alert ip any any -> 118.163.168.223 any (msg:"Suspicious BlackTech IP detected Leaving Network: 118.163.168.223 (destination) - APT Group: BlackTech"; sid:370437274; rev:1;)
alert ip 111.249.102.102 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 111.249.102.102 (source) - APT Group: BlackTech"; sid:9108918494; rev:1;)
alert ip any any -> 111.249.102.102 any (msg:"Suspicious BlackTech IP detected Leaving Network: 111.249.102.102 (destination) - APT Group: BlackTech"; sid:9108918495; rev:1;)
alert ip 61.58.90.11 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.58.90.11 (source) - APT Group: BlackTech"; sid:3978267590; rev:1;)
alert ip any any -> 61.58.90.11 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.58.90.11 (destination) - APT Group: BlackTech"; sid:3978267591; rev:1;)
alert ip 125.227.225.181 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 125.227.225.181 (source) - APT Group: BlackTech"; sid:7005467689; rev:1;)
alert ip any any -> 125.227.225.181 any (msg:"Suspicious BlackTech IP detected Leaving Network: 125.227.225.181 (destination) - APT Group: BlackTech"; sid:7005467690; rev:1;)
alert ip 118.163.14.17 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 118.163.14.17 (source) - APT Group: BlackTech"; sid:2425784574; rev:1;)
alert ip any any -> 118.163.14.17 any (msg:"Suspicious BlackTech IP detected Leaving Network: 118.163.14.17 (destination) - APT Group: BlackTech"; sid:2425784575; rev:1;)
alert ip 122.147.248.69 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 122.147.248.69 (source) - APT Group: BlackTech"; sid:741663504; rev:1;)
alert ip any any -> 122.147.248.69 any (msg:"Suspicious BlackTech IP detected Leaving Network: 122.147.248.69 (destination) - APT Group: BlackTech"; sid:741663505; rev:1;)
alert ip 125.227.241.2 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 125.227.241.2 (source) - APT Group: BlackTech"; sid:3174873956; rev:1;)
alert ip any any -> 125.227.241.2 any (msg:"Suspicious BlackTech IP detected Leaving Network: 125.227.241.2 (destination) - APT Group: BlackTech"; sid:3174873957; rev:1;)
alert ip 114.39.59.244 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 114.39.59.244 (source) - APT Group: BlackTech"; sid:8569925249; rev:1;)
alert ip any any -> 114.39.59.244 any (msg:"Suspicious BlackTech IP detected Leaving Network: 114.39.59.244 (destination) - APT Group: BlackTech"; sid:8569925250; rev:1;)
alert ip 59.125.7.185 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 59.125.7.185 (source) - APT Group: BlackTech"; sid:1118471843; rev:1;)
alert ip any any -> 59.125.7.185 any (msg:"Suspicious BlackTech IP detected Leaving Network: 59.125.7.185 (destination) - APT Group: BlackTech"; sid:1118471844; rev:1;)
alert ip 61.219.96.18 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.219.96.18 (source) - APT Group: BlackTech"; sid:1486351566; rev:1;)
alert ip any any -> 61.219.96.18 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.219.96.18 (destination) - APT Group: BlackTech"; sid:1486351567; rev:1;)
alert ip 61.58.90.63 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 61.58.90.63 (source) - APT Group: BlackTech"; sid:576420246; rev:1;)
alert ip any any -> 61.58.90.63 any (msg:"Suspicious BlackTech IP detected Leaving Network: 61.58.90.63 (destination) - APT Group: BlackTech"; sid:576420247; rev:1;)
alert ip 210.67.101.84 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 210.67.101.84 (source) - APT Group: BlackTech"; sid:3472083329; rev:1;)
alert ip any any -> 210.67.101.84 any (msg:"Suspicious BlackTech IP detected Leaving Network: 210.67.101.84 (destination) - APT Group: BlackTech"; sid:3472083330; rev:1;)
alert ip 203.74.123.121 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 203.74.123.121 (source) - APT Group: BlackTech"; sid:3303612154; rev:1;)
alert ip any any -> 203.74.123.121 any (msg:"Suspicious BlackTech IP detected Leaving Network: 203.74.123.121 (destination) - APT Group: BlackTech"; sid:3303612155; rev:1;)
alert ip 18.163.14.17 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 18.163.14.17 (source) - APT Group: BlackTech"; sid:5957364886; rev:1;)
alert ip any any -> 18.163.14.17 any (msg:"Suspicious BlackTech IP detected Leaving Network: 18.163.14.17 (destination) - APT Group: BlackTech"; sid:5957364887; rev:1;)
alert ip 177.135.177.54 any -> any any (msg:"Suspicious BlackTech IP detected Entering Network: 177.135.177.54 (source) - APT Group: BlackTech"; sid:4954509509; rev:1;)
alert ip any any -> 177.135.177.54 any (msg:"Suspicious BlackTech IP detected Leaving Network: 177.135.177.54 (destination) - APT Group: BlackTech"; sid:4954509510; rev:1;)

10
suricata/Flagpro-suricata-20250112.txt Normal file
View File

@ -0,0 +1,10 @@
alert ip 107.191.61.40 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 107.191.61.40 (source) - APT Group: BlackTech"; sid:518411836; rev:1;)
alert ip any any -> 107.191.61.40 any (msg:"Suspicious Flagpro IP detected Leaving Network: 107.191.61.40 (destination) - APT Group: BlackTech"; sid:518411837; rev:1;)
alert ip 172.104.109.217 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 172.104.109.217 (source) - APT Group: BlackTech"; sid:2259028385; rev:1;)
alert ip any any -> 172.104.109.217 any (msg:"Suspicious Flagpro IP detected Leaving Network: 172.104.109.217 (destination) - APT Group: BlackTech"; sid:2259028386; rev:1;)
alert ip 139.162.87.180 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 139.162.87.180 (source) - APT Group: BlackTech"; sid:3339182745; rev:1;)
alert ip any any -> 139.162.87.180 any (msg:"Suspicious Flagpro IP detected Leaving Network: 139.162.87.180 (destination) - APT Group: BlackTech"; sid:3339182746; rev:1;)
alert ip 45.76.184.227 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 45.76.184.227 (source) - APT Group: BlackTech"; sid:3650785005; rev:1;)
alert ip any any -> 45.76.184.227 any (msg:"Suspicious Flagpro IP detected Leaving Network: 45.76.184.227 (destination) - APT Group: BlackTech"; sid:3650785006; rev:1;)
alert ip 45.32.23.140 any -> any any (msg:"Suspicious Flagpro IP detected Entering Network: 45.32.23.140 (source) - APT Group: BlackTech"; sid:9643976871; rev:1;)
alert ip any any -> 45.32.23.140 any (msg:"Suspicious Flagpro IP detected Leaving Network: 45.32.23.140 (destination) - APT Group: BlackTech"; sid:9643976872; rev:1;)

BIN
suricata/Plead-suricata-20250112.txt Normal file
View File

Binary file not shown.

6
suricata/TsCookie-suricata-20250112.txt Normal file
View File

@ -0,0 +1,6 @@
alert ip 220.130.216.76 any -> any any (msg:"Suspicious TsCookie IP detected Entering Network: 220.130.216.76 (source) - APT Group: BlackTech"; sid:8166465416; rev:1;)
alert ip any any -> 220.130.216.76 any (msg:"Suspicious TsCookie IP detected Leaving Network: 220.130.216.76 (destination) - APT Group: BlackTech"; sid:8166465417; rev:1;)
alert ip 60.244.52.29 any -> any any (msg:"Suspicious TsCookie IP detected Entering Network: 60.244.52.29 (source) - APT Group: BlackTech"; sid:7569006617; rev:1;)
alert ip any any -> 60.244.52.29 any (msg:"Suspicious TsCookie IP detected Leaving Network: 60.244.52.29 (destination) - APT Group: BlackTech"; sid:7569006618; rev:1;)
alert ip 45.76.102.145 any -> any any (msg:"Suspicious TsCookie IP detected Entering Network: 45.76.102.145 (source) - APT Group: BlackTech"; sid:8497073872; rev:1;)
alert ip any any -> 45.76.102.145 any (msg:"Suspicious TsCookie IP detected Leaving Network: 45.76.102.145 (destination) - APT Group: BlackTech"; sid:8497073873; rev:1;)

BIN
suricata/TsCookiev2-suricata-20250112.txt Normal file
View File

Binary file not shown.

24
suricata/waterbear-suricata-20250112.txt Normal file
View File

@ -0,0 +1,24 @@
alert ip 45.77.181.203 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 45.77.181.203 (source) - APT Group: BlackTech"; sid:5921737425; rev:1;)
alert ip any any -> 45.77.181.203 any (msg:"Suspicious waterbear IP detected Leaving Network: 45.77.181.203 (destination) - APT Group: BlackTech"; sid:5921737426; rev:1;)
alert ip 103.40.112.228 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 103.40.112.228 (source) - APT Group: BlackTech"; sid:3182573330; rev:1;)
alert ip any any -> 103.40.112.228 any (msg:"Suspicious waterbear IP detected Leaving Network: 103.40.112.228 (destination) - APT Group: BlackTech"; sid:3182573331; rev:1;)
alert ip 59.125.119.202 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 59.125.119.202 (source) - APT Group: BlackTech"; sid:8583068955; rev:1;)
alert ip any any -> 59.125.119.202 any (msg:"Suspicious waterbear IP detected Leaving Network: 59.125.119.202 (destination) - APT Group: BlackTech"; sid:8583068956; rev:1;)
alert ip 139.180.201.6 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 139.180.201.6 (source) - APT Group: BlackTech"; sid:7607440005; rev:1;)
alert ip any any -> 139.180.201.6 any (msg:"Suspicious waterbear IP detected Leaving Network: 139.180.201.6 (destination) - APT Group: BlackTech"; sid:7607440006; rev:1;)
alert ip 139.162.112.74 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 139.162.112.74 (source) - APT Group: BlackTech"; sid:5681332719; rev:1;)
alert ip any any -> 139.162.112.74 any (msg:"Suspicious waterbear IP detected Leaving Network: 139.162.112.74 (destination) - APT Group: BlackTech"; sid:5681332720; rev:1;)
alert ip 172.104.92.110 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 172.104.92.110 (source) - APT Group: BlackTech"; sid:5363415535; rev:1;)
alert ip any any -> 172.104.92.110 any (msg:"Suspicious waterbear IP detected Leaving Network: 172.104.92.110 (destination) - APT Group: BlackTech"; sid:5363415536; rev:1;)
alert ip 168.95.1.1 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 168.95.1.1 (source) - APT Group: BlackTech"; sid:2071065055; rev:1;)
alert ip any any -> 168.95.1.1 any (msg:"Suspicious waterbear IP detected Leaving Network: 168.95.1.1 (destination) - APT Group: BlackTech"; sid:2071065056; rev:1;)
alert ip 45.76.218.116 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 45.76.218.116 (source) - APT Group: BlackTech"; sid:5808228675; rev:1;)
alert ip any any -> 45.76.218.116 any (msg:"Suspicious waterbear IP detected Leaving Network: 45.76.218.116 (destination) - APT Group: BlackTech"; sid:5808228676; rev:1;)
alert ip 108.160.138.235 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 108.160.138.235 (source) - APT Group: BlackTech"; sid:5795869186; rev:1;)
alert ip any any -> 108.160.138.235 any (msg:"Suspicious waterbear IP detected Leaving Network: 108.160.138.235 (destination) - APT Group: BlackTech"; sid:5795869187; rev:1;)
alert ip 211.72.242.120 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 211.72.242.120 (source) - APT Group: BlackTech"; sid:6756046166; rev:1;)
alert ip any any -> 211.72.242.120 any (msg:"Suspicious waterbear IP detected Leaving Network: 211.72.242.120 (destination) - APT Group: BlackTech"; sid:6756046167; rev:1;)
alert ip 108.160.132.108 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 108.160.132.108 (source) - APT Group: BlackTech"; sid:2503198458; rev:1;)
alert ip any any -> 108.160.132.108 any (msg:"Suspicious waterbear IP detected Leaving Network: 108.160.132.108 (destination) - APT Group: BlackTech"; sid:2503198459; rev:1;)
alert ip 220.135.71.92 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 220.135.71.92 (source) - APT Group: BlackTech"; sid:121564119; rev:1;)
alert ip any any -> 220.135.71.92 any (msg:"Suspicious waterbear IP detected Leaving Network: 220.135.71.92 (destination) - APT Group: BlackTech"; sid:121564120; rev:1;)