PAW-PATRULES_FIN7_IP.rules
# KXK00OOkxxkO00KX0
# ,NXKxo:,'... ...';cdOXN:
# l;. ..,:ldxkOOOOOOkkxol:,.. .o
# dk lOOOOOOkkkkkkkkkkkOOOOOOx dk
# KNXOc. :0OkkkkkkkkkkkkkkkkkkkkkO0l. :kXNX
# x. .'ckOOkkkkkkkkkkkookkkkkkkkkkOOOl,. .k
# d. o0Okkkkkkkkkkkkk. okkkkkkkkkkOO0k x
# l. c0kkkkkkko. .ckk .kd..'xkkkkkk0x .o
# ;, ;0kkkkkkkc ;ko. .dk. :kkkkkk0l ':
# .l .OOkkkkkkkl. .lkocldkkl. 'xkkkkkOO, c.
# l o0kkkk:..'dkkk. .;okkkkkkkkk0x l
# .: .OOkkk; xk, .:kkkkkO0; ;.
# ;. :0kkkko;,cko :kkkk0d .:
# : oOkkkkkkkk .dkkk0k. :
# : dOkkkkkkk .:odxkkkkkOk. ;
# ; oOkkkkkkx:,,ckkkkkkkkkkOx. ,
# '. ;OOkkkkkkkkkkkkkkkkkOOc '
# ' .lOOkkkkkkkkkkkkkOOd. .
# . .lOOkkkkkkkkkOOo' ..
# ' .;dOOOkOOOx:. .
# .. .,lxo;. ..
# .. ..
#
# ____ ___ __ ____ _ _
#| _ \ / \ \ / / | _ \ __ _| |_ _ __ _ _| | ___ ___
#| |_) / _ \ \ /\ / / | |_) / _` | __| '__| | | | |/ _ \/ __|
#| __/ ___ \ V V / | __/ (_| | |_| | | |_| | | __/\__ \
#|_| /_/ \_\_/\_/ |_| \__,_|\__|_| \__,_|_|\___||___/
#
# IDS Rules for Suricata
# π Charles BLANC-ROLIN β ΅ - https://pawpatrules.fr - https://www.apssis.com - https://github.com/woundride
# Licence CC BY-NC-SA 4.0 : https://creativecommons.org/licenses/by-nc-sa/4.0/
# 🏴‍☠️ FIN7 🇷🇺 Group / CARBON SPIDER / GOLD NIAGARA / Calcium / Carbanak / Griffon / Avemaria - IP
# Group 1 (sid 3309697-3309702): destination addresses attributed to FIN7 in the
# Securelist article referenced by each rule; rules created 2021_10_26.
# Every rule has the same shape: "alert ip" with a single destination address and no
# port, protocol or payload condition, so a hit says only that a packet was addressed
# to that IP.
# NOTE(review): the source side is "any any". The header therefore also matches reply
# packets sent to the address when the remote side opened the connection, so the
# "Outgoing connection" wording in msg is not guaranteed by the rule itself. Scoping
# the source to $HOME_NET would narrow this - confirm against the sensor's variables.
# NOTE(review): single addresses taken from a dated report can be reassigned by the
# hosting provider. Treat a hit as a lead to corroborate with flow, DNS and endpoint
# data (msg already says "possible"), and re-check the list against current reporting.
alert ip any any -> 185.61.138.249 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2021_10_26, updated_at 2021_10_26; sid:3309697; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.162.131.97 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2021_10_26, updated_at 2021_10_26; sid:3309698; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.192.100.62 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2021_10_26, updated_at 2021_10_26; sid:3309699; rev:1; classtype:trojan-activity;)
alert ip any any -> 212.8.240.116 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2021_10_26, updated_at 2021_10_26; sid:3309700; rev:1; classtype:trojan-activity;)
alert ip any any -> 168.167.45.162 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2021_10_26, updated_at 2021_10_26; sid:3309701; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.162.131.25 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2021_10_26, updated_at 2021_10_26; sid:3309702; rev:1; classtype:trojan-activity;)
# Group 2 (sid 3309703-3309771): destination addresses attributed to FIN7 in the
# PRODAFT "FIN7 Unveiled" report referenced by each rule; rules created 2023_01_30.
# Each rule matches on the destination address alone ("alert ip", source "any any",
# no port or content keyword), one address per rule and one sid per address.
# NOTE(review): with this many single-address rules, Suricata's IP reputation
# support (the iprep keyword with a category file) may be easier to keep current,
# because addresses can be aged out without editing rules - evaluate for this ruleset.
alert ip any any -> 141.94.147.168 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309703; rev:1; classtype:trojan-activity;)
alert ip any any -> 15.235.156.105 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309704; rev:1; classtype:trojan-activity;)
alert ip any any -> 15.235.156.115 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309705; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.117.119.108 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309706; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.117.88.245 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309707; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.225.17.220 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309708; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.232.170.83 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309709; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.234.247.62 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309710; rev:1; classtype:trojan-activity;)
alert ip any any -> 194.104.136.113 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309711; rev:1; classtype:trojan-activity;)
alert ip any any -> 46.105.81.76 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309712; rev:1; classtype:trojan-activity;)
alert ip any any -> 5.252.177.15 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309713; rev:1; classtype:trojan-activity;)
alert ip any any -> 5.252.177.8 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309714; rev:1; classtype:trojan-activity;)
alert ip any any -> 79.141.168.12 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309715; rev:1; classtype:trojan-activity;)
alert ip any any -> 80.71.157.110 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309716; rev:1; classtype:trojan-activity;)
alert ip any any -> 80.71.157.173 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309717; rev:1; classtype:trojan-activity;)
alert ip any any -> 85.239.54.186 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309718; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.242.229.184 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309719; rev:1; classtype:trojan-activity;)
alert ip any any -> 93.185.166.15 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309720; rev:1; classtype:trojan-activity;)
alert ip any any -> 94.158.247.23 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309721; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.253.43.212 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309722; rev:1; classtype:trojan-activity;)
alert ip any any -> 146.19.233.81 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309723; rev:1; classtype:trojan-activity;)
alert ip any any -> 162.248.225.188 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309724; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.161.210.56 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309725; rev:1; classtype:trojan-activity;)
alert ip any any -> 193.42.37.46 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309726; rev:1; classtype:trojan-activity;)
alert ip any any -> 194.104.136.182 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309727; rev:1; classtype:trojan-activity;)
alert ip any any -> 194.156.98.73 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309728; rev:1; classtype:trojan-activity;)
alert ip any any -> 223.252.173.124 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309729; rev:1; classtype:trojan-activity;)
alert ip any any -> 223.252.173.18 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309730; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.142.212.82 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309731; rev:1; classtype:trojan-activity;)
alert ip any any -> 46.17.107.27 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309732; rev:1; classtype:trojan-activity;)
alert ip any any -> 46.17.107.43 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309733; rev:1; classtype:trojan-activity;)
alert ip any any -> 80.92.205.244 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309734; rev:1; classtype:trojan-activity;)
alert ip any any -> 80.92.205.75 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309735; rev:1; classtype:trojan-activity;)
alert ip any any -> 94.158.247.5 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309736; rev:1; classtype:trojan-activity;)
alert ip any any -> 138.124.180.193 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309737; rev:1; classtype:trojan-activity;)
alert ip any any -> 138.124.183.50 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309738; rev:1; classtype:trojan-activity;)
alert ip any any -> 138.124.183.85 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309739; rev:1; classtype:trojan-activity;)
alert ip any any -> 138.124.183.90 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309740; rev:1; classtype:trojan-activity;)
alert ip any any -> 176.103.62.29 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309741; rev:1; classtype:trojan-activity;)
alert ip any any -> 176.103.63.104 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309742; rev:1; classtype:trojan-activity;)
alert ip any any -> 176.103.63.198 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309743; rev:1; classtype:trojan-activity;)
alert ip any any -> 178.33.111.73 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309744; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.161.209.161 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309745; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.174.101.186 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309746; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.174.101.216 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309747; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.174.102.183 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309748; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.174.102.37 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309749; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.250.151.126 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309750; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.250.151.134 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309751; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.82.217.21 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309752; rev:1; classtype:trojan-activity;)
alert ip any any -> 195.149.87.118 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309753; rev:1; classtype:trojan-activity;)
alert ip any any -> 195.2.71.90 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309754; rev:1; classtype:trojan-activity;)
alert ip any any -> 37.252.4.131 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309755; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.133.216.194 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309756; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.133.216.89 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309757; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.142.213.56 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309758; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.142.215.132 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309759; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.11.180.82 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309760; rev:1; classtype:trojan-activity;)
alert ip any any -> 138.124.180.226 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309761; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.172.129.144 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309762; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.87.152.64 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309763; rev:1; classtype:trojan-activity;)
alert ip any any -> 51.254.149.31 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309764; rev:1; classtype:trojan-activity;)
alert ip any any -> 54.38.123.229 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309765; rev:1; classtype:trojan-activity;)
alert ip any any -> 74.119.194.129 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309766; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.134.14.26 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309767; rev:1; classtype:trojan-activity;)
alert ip any any -> 94.158.244.18 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309768; rev:1; classtype:trojan-activity;)
alert ip any any -> 94.158.244.200 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309769; rev:1; classtype:trojan-activity;)
alert ip any any -> 94.158.244.209 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309770; rev:1; classtype:trojan-activity;)
alert ip any any -> 94.158.244.91 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309771; rev:1; classtype:trojan-activity;)
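# Tail of the PRODAFT-sourced destination list (rules created 2023_01_30); each active
# rule alerts on any IP packet addressed to the listed host.
# NOTE(review): sid:3309772 is disabled because its destination, 37.252.4.131, is
# already covered by sid:3309755 earlier in this file; with both enabled, a single
# packet raises two identical alerts. The line is kept, commented out, so the sid is
# not reused and any threshold or suppression entry that names it still resolves.
#alert ip any any -> 37.252.4.131 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309772; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.133.216.25 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309773; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.140.146.184 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309774; rev:1; classtype:trojan-activity;)
alert ip any any -> 184.95.57.98 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309775; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.147.228.239 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309776; rev:1; classtype:trojan-activity;)
alert ip any any -> 206.166.251.200 any (msg:"πΎ - π¨ Outgoing connection β π π΄ββ οΈ FIN7 π·πΊ Group C2 possible"; reference: url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference: url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2023_01_30, updated_at 2023_01_30; sid:3309777; rev:1; classtype:trojan-activity;)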