junk/spl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4b9c6cf20ccd60dd53efcd7538bc09ed8375e45b
spl/suricata/waterbear-suricata-20250112.txt

25 lines
4.0 KiB
Plaintext
Raw Blame History

alert ip 45.77.181.203 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 45.77.181.203 (source) - APT Group: BlackTech"; sid:5921737425; rev:1;)
alert ip any any -> 45.77.181.203 any (msg:"Suspicious waterbear IP detected Leaving Network: 45.77.181.203 (destination) - APT Group: BlackTech"; sid:5921737426; rev:1;)
alert ip 103.40.112.228 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 103.40.112.228 (source) - APT Group: BlackTech"; sid:3182573330; rev:1;)
alert ip any any -> 103.40.112.228 any (msg:"Suspicious waterbear IP detected Leaving Network: 103.40.112.228 (destination) - APT Group: BlackTech"; sid:3182573331; rev:1;)
alert ip 59.125.119.202 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 59.125.119.202 (source) - APT Group: BlackTech"; sid:8583068955; rev:1;)
alert ip any any -> 59.125.119.202 any (msg:"Suspicious waterbear IP detected Leaving Network: 59.125.119.202 (destination) - APT Group: BlackTech"; sid:8583068956; rev:1;)
alert ip 139.180.201.6 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 139.180.201.6 (source) - APT Group: BlackTech"; sid:7607440005; rev:1;)
alert ip any any -> 139.180.201.6 any (msg:"Suspicious waterbear IP detected Leaving Network: 139.180.201.6 (destination) - APT Group: BlackTech"; sid:7607440006; rev:1;)
alert ip 139.162.112.74 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 139.162.112.74 (source) - APT Group: BlackTech"; sid:5681332719; rev:1;)
alert ip any any -> 139.162.112.74 any (msg:"Suspicious waterbear IP detected Leaving Network: 139.162.112.74 (destination) - APT Group: BlackTech"; sid:5681332720; rev:1;)
alert ip 172.104.92.110 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 172.104.92.110 (source) - APT Group: BlackTech"; sid:5363415535; rev:1;)
alert ip any any -> 172.104.92.110 any (msg:"Suspicious waterbear IP detected Leaving Network: 172.104.92.110 (destination) - APT Group: BlackTech"; sid:5363415536; rev:1;)
alert ip 168.95.1.1 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 168.95.1.1 (source) - APT Group: BlackTech"; sid:2071065055; rev:1;)
alert ip any any -> 168.95.1.1 any (msg:"Suspicious waterbear IP detected Leaving Network: 168.95.1.1 (destination) - APT Group: BlackTech"; sid:2071065056; rev:1;)
alert ip 45.76.218.116 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 45.76.218.116 (source) - APT Group: BlackTech"; sid:5808228675; rev:1;)
alert ip any any -> 45.76.218.116 any (msg:"Suspicious waterbear IP detected Leaving Network: 45.76.218.116 (destination) - APT Group: BlackTech"; sid:5808228676; rev:1;)
alert ip 108.160.138.235 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 108.160.138.235 (source) - APT Group: BlackTech"; sid:5795869186; rev:1;)
alert ip any any -> 108.160.138.235 any (msg:"Suspicious waterbear IP detected Leaving Network: 108.160.138.235 (destination) - APT Group: BlackTech"; sid:5795869187; rev:1;)
alert ip 211.72.242.120 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 211.72.242.120 (source) - APT Group: BlackTech"; sid:6756046166; rev:1;)
alert ip any any -> 211.72.242.120 any (msg:"Suspicious waterbear IP detected Leaving Network: 211.72.242.120 (destination) - APT Group: BlackTech"; sid:6756046167; rev:1;)
alert ip 108.160.132.108 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 108.160.132.108 (source) - APT Group: BlackTech"; sid:2503198458; rev:1;)
alert ip any any -> 108.160.132.108 any (msg:"Suspicious waterbear IP detected Leaving Network: 108.160.132.108 (destination) - APT Group: BlackTech"; sid:2503198459; rev:1;)
alert ip 220.135.71.92 any -> any any (msg:"Suspicious waterbear IP detected Entering Network: 220.135.71.92 (source) - APT Group: BlackTech"; sid:121564119; rev:1;)
alert ip any any -> 220.135.71.92 any (msg:"Suspicious waterbear IP detected Leaving Network: 220.135.71.92 (destination) - APT Group: BlackTech"; sid:121564120; rev:1;)
Reference in New Issue View Git Blame Copy Permalink