junk/spl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upload files to "yara"

Browse Source
This commit is contained in:
Matthew Iverson
2025-01-12 22:40:13 -05:00
parent bffa34b43f
commit 9a615e1afd
14 changed files with 641 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
yara/TsCookie-suricata-20250112.txt Normal file
View File

@ -0,0 +1,6 @@
alert ip 220.130.216.76 any -> any any (msg:"Suspicious TsCookie IP detected Entering Network: 220.130.216.76 (source) - APT Group: BlackTech"; sid:8166465416; rev:1;)
alert ip any any -> 220.130.216.76 any (msg:"Suspicious TsCookie IP detected Leaving Network: 220.130.216.76 (destination) - APT Group: BlackTech"; sid:8166465417; rev:1;)
alert ip 60.244.52.29 any -> any any (msg:"Suspicious TsCookie IP detected Entering Network: 60.244.52.29 (source) - APT Group: BlackTech"; sid:7569006617; rev:1;)
alert ip any any -> 60.244.52.29 any (msg:"Suspicious TsCookie IP detected Leaving Network: 60.244.52.29 (destination) - APT Group: BlackTech"; sid:7569006618; rev:1;)
alert ip 45.76.102.145 any -> any any (msg:"Suspicious TsCookie IP detected Entering Network: 45.76.102.145 (source) - APT Group: BlackTech"; sid:8497073872; rev:1;)
alert ip any any -> 45.76.102.145 any (msg:"Suspicious TsCookie IP detected Leaving Network: 45.76.102.145 (destination) - APT Group: BlackTech"; sid:8497073873; rev:1;)