-
Notifications
You must be signed in to change notification settings - Fork 1
/
PAW-PATRULES_NJRAT_IP.rules
144 lines (143 loc) Β· 37.5 KB
/
PAW-PATRULES_NJRAT_IP.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
# KXK00OOkxxkO00KX0
# ,NXKxo:,'... ...';cdOXN:
# l;. ..,:ldxkOOOOOOkkxol:,.. .o
# dk lOOOOOOkkkkkkkkkkkOOOOOOx dk
# KNXOc. :0OkkkkkkkkkkkkkkkkkkkkkO0l. :kXNX
# x. .'ckOOkkkkkkkkkkkookkkkkkkkkkOOOl,. .k
# d. o0Okkkkkkkkkkkkk. okkkkkkkkkkOO0k x
# l. c0kkkkkkko. .ckk .kd..'xkkkkkk0x .o
# ;, ;0kkkkkkkc ;ko. .dk. :kkkkkk0l ':
# .l .OOkkkkkkkl. .lkocldkkl. 'xkkkkkOO, c.
# l o0kkkk:..'dkkk. .;okkkkkkkkk0x l
# .: .OOkkk; xk, .:kkkkkO0; ;.
# ;. :0kkkko;,cko :kkkk0d .:
# : oOkkkkkkkk .dkkk0k. :
# : dOkkkkkkk .:odxkkkkkOk. ;
# ; oOkkkkkkx:,,ckkkkkkkkkkOx. ,
# '. ;OOkkkkkkkkkkkkkkkkkOOc '
# ' .lOOkkkkkkkkkkkkkOOd. .
# . .lOOkkkkkkkkkOOo' ..
# ' .;dOOOkOOOx:. .
# .. .,lxo;. ..
# .. ..
#
# ____ ___ __ ____ _ _
#| _ \ / \ \ / / | _ \ __ _| |_ _ __ _ _| | ___ ___
#| |_) / _ \ \ /\ / / | |_) / _` | __| '__| | | | |/ _ \/ __|
#| __/ ___ \ V V / | __/ (_| | |_| | | |_| | | __/\__ \
#|_| /_/ \_\_/\_/ |_| \__,_|\__|_| \__,_|_|\___||___/
#
# IDS Rules for Suricata
# π Charles BLANC-ROLIN β ΅ - https://pawpatrules.fr - https://www.apssis.com - https://github.com/woundride
# Licence CC BY-NC-SA 4.0 : https://creativecommons.org/licenses/by-nc-sa/4.0/
# π NjRAT - IP
alert ip any any -> 193.161.193.99 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://twitter.com/ScumBots/status/1285481473047515137; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_21, updated_at 2020_07_21; sid:3312511; rev:1; classtype:trojan-activity;)
alert ip any any -> 118.46.19.222 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://twitter.com/ScumBots/status/1285470145121587202; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_21, updated_at 2020_07_21; sid:3312512; rev:1; classtype:trojan-activity;)
alert ip any any -> 193.242.166.42 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://twitter.com/ScumBots; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_23, updated_at 2020_07_23; sid:3312513; rev:1; classtype:trojan-activity;)
alert ip any any -> 118.44.153.68 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://twitter.com/ScumBots; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_25, updated_at 2020_07_25; sid:3312514; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.134.196.116 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312515; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.20.98.123 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312516; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.17.117.250 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312517; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.13.191.225 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312518; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.135.90.78 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312519; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.137.63.131 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312520; rev:1; classtype:trojan-activity;)
alert ip any any -> 208.91.196.94 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312521; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.169.69.25 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312522; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.19.6.32 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312523; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.18.75.105 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312524; rev:1; classtype:trojan-activity;)
alert ip any any -> 84.210.40.80 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312525; rev:1; classtype:trojan-activity;)
alert ip any any -> 52.14.18.129 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312526; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.21.60.148 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312527; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.82.217.154 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312528; rev:1; classtype:trojan-activity;)
alert ip any any -> 179.14.12.213 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312529; rev:1; classtype:trojan-activity;)
alert ip any any -> 159.224.246.10 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312530; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.23.201.37 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312531; rev:1; classtype:trojan-activity;)
alert ip any any -> 85.21.240.234 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312532; rev:1; classtype:trojan-activity;)
alert ip any any -> 211.243.120.138 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_07_31, updated_at 2020_07_31; sid:3312533; rev:1; classtype:trojan-activity;)
alert ip any any -> 37.112.149.108 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312534; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.140.53.135 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312535; rev:1; classtype:trojan-activity;)
alert ip any any -> 47.28.203.160 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312536; rev:1; classtype:trojan-activity;)
alert ip any any -> 79.121.5.16 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312537; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.19.85.139 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312538; rev:1; classtype:trojan-activity;)
alert ip any any -> 46.53.64.102 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312539; rev:1; classtype:trojan-activity;)
alert ip any any -> 78.179.157.23 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312540; rev:1; classtype:trojan-activity;)
alert ip any any -> 171.4.209.107 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312541; rev:1; classtype:trojan-activity;)
alert ip any any -> 196.64.242.190 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312542; rev:1; classtype:trojan-activity;)
alert ip any any -> 194.5.98.252 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312543; rev:1; classtype:trojan-activity;)
alert ip any any -> 179.14.173.93 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3312544; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.244.30.181 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3312545; rev:1; classtype:trojan-activity;)
alert ip any any -> 85.156.188.85 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3312546; rev:1; classtype:trojan-activity;)
alert ip any any -> 79.134.225.19 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3312547; rev:1; classtype:trojan-activity;)
alert ip any any -> 117.239.31.141 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3312548; rev:1; classtype:trojan-activity;)
alert ip any any -> 194.5.98.249 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3312549; rev:1; classtype:trojan-activity;)
alert ip any any -> 141.98.102.227 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3312550; rev:1; classtype:trojan-activity;)
alert ip any any -> 79.134.225.71 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3312551; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.109.190.3 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3312552; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.99.3.142 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3312553; rev:1; classtype:trojan-activity;)
alert ip any any -> 87.117.235.116 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3312554; rev:1; classtype:trojan-activity;)
alert ip any any -> 79.134.225.73 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_26, updated_at 2020_08_26; sid:3312555; rev:1; classtype:trojan-activity;)
alert ip any any -> 112.152.98.136 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://twitter.com/ScumBots; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_08_26, updated_at 2020_08_26; sid:3312556; rev:1; classtype:trojan-activity;)
alert ip any any -> 14.53.207.30 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312557; rev:1; classtype:trojan-activity;)
alert ip any any -> 95.48.238.198 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312558; rev:1; classtype:trojan-activity;)
alert ip any any -> 159.203.144.58 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312559; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.141.10.37 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312560; rev:1; classtype:trojan-activity;)
alert ip any any -> 79.134.225.122 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312561; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.169.48.34 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312562; rev:1; classtype:trojan-activity;)
alert ip any any -> 69.197.156.22 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312563; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.235.102.21 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat;metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3312564; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.254.74.210 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312565; rev:1; classtype:trojan-activity;)
alert ip any any -> 74.124.24.29 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312566; rev:1; classtype:trojan-activity;)
alert ip any any -> 95.211.239.201 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312567; rev:1; classtype:trojan-activity;)
alert ip any any -> 51.36.107.76 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312568; rev:1; classtype:trojan-activity;)
alert ip any any -> 141.255.157.173 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312569; rev:1; classtype:trojan-activity;)
alert ip any any -> 84.51.52.166 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312570; rev:1; classtype:trojan-activity;)
alert ip any any -> 109.230.215.181 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312571; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.109.180.7 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312572; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.138.99.4 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312573; rev:1; classtype:trojan-activity;)
alert ip any any -> 93.41.148.239 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312574; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.109.184.10 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312575; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.109.180.4 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3312576; rev:1; classtype:trojan-activity;)
alert ip any any -> 178.33.93.88 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3312577; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.109.186.5 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3312578; rev:1; classtype:trojan-activity;)
alert ip any any -> 89.160.188.202 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3312579; rev:1; classtype:trojan-activity;)
alert ip any any -> 197.25.208.173 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3312580; rev:1; classtype:trojan-activity;)
alert ip any any -> 2.59.119.177 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3312581; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.10.88.108 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3312582; rev:1; classtype:trojan-activity;)
alert ip any any -> 137.135.100.232 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3312583; rev:1; classtype:trojan-activity;)
alert ip any any -> 79.134.225.105 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3312584; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.230.126.12 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3312585; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.22.15.135 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13;sid:3312586; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.131.123.134 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13;sid:3312587; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.131.147.49 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13;sid:3312588; rev:1; classtype:trojan-activity;)
alert ip any any -> 191.205.169.128 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13;sid:3312589; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.134.125.175 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13;sid:3312590; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.22.30.40 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_13, updated_at 2020_09_13;sid:3312591; rev:1; classtype:trojan-activity;)
alert ip any any -> 191.205.215.182 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312592; rev:1; classtype:trojan-activity;)
alert ip any any -> 79.134.225.100 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312593; rev:1; classtype:trojan-activity;)
alert ip any any -> 193.218.118.190 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312594; rev:1; classtype:trojan-activity;)
alert ip any any -> 5.227.253.51 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312595; rev:1; classtype:trojan-activity;)
alert ip any any -> 20.190.34.92 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312596; rev:1; classtype:trojan-activity;)
alert ip any any -> 189.84.177.238 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312597; rev:1; classtype:trojan-activity;)
alert ip any any -> 91.196.81.19 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312598; rev:1; classtype:trojan-activity;)
alert ip any any -> 177.67.80.169 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312599; rev:1; classtype:trojan-activity;)
alert ip any any -> 5.180.76.28 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312600; rev:1; classtype:trojan-activity;)
alert ip any any -> 14.236.167.120 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312601; rev:1; classtype:trojan-activity;)
alert ip any any -> 175.200.16.133 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312602; rev:1; classtype:trojan-activity;)
alert ip any any -> 193.242.166.48 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_17, updated_at 2020_09_17;sid:3312603; rev:1; classtype:trojan-activity;)
alert ip any any -> 13.59.15.185 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_21, updated_at 2020_09_21;sid:3312604; rev:1; classtype:trojan-activity;)
alert ip any any -> 213.110.133.165 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_21, updated_at 2020_09_21;sid:3312605; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.134.39.220 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_21, updated_at 2020_09_21;sid:3312606; rev:1; classtype:trojan-activity;)
alert ip any any -> 189.84.162.211 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_21, updated_at 2020_09_21;sid:3312607; rev:1; classtype:trojan-activity;)
alert ip any any -> 102.157.120.130 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_21, updated_at 2020_09_21;sid:3312608; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.17.7.232 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_21, updated_at 2020_09_21;sid:3312609; rev:1; classtype:trojan-activity;)
alert ip any any -> 79.134.225.95 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_21, updated_at 2020_09_21;sid:3312610; rev:1; classtype:trojan-activity;)
alert ip any any -> 194.5.97.98 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_21, updated_at 2020_09_21;sid:3312611; rev:1; classtype:trojan-activity;)
alert ip any any -> 141.255.153.214 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3312612; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.14.182.203 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3312613; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.130.209.29 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3312614; rev:1; classtype:trojan-activity;)
alert ip any any -> 199.19.224.65 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3312615; rev:1; classtype:trojan-activity;)
alert ip any any -> 1.43.80.191 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3312616; rev:1; classtype:trojan-activity;)
alert ip any any -> 141.255.146.140 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3312617; rev:1; classtype:trojan-activity;)
alert ip any any -> 189.84.189.195 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3312618; rev:1; classtype:trojan-activity;)
alert ip any any -> 191.205.184.3 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3312619; rev:1; classtype:trojan-activity;)
alert ip any any -> 59.29.244.82 any (msg:"πΎ - π¨ Outgoing connection β π C2 π NjRAT"; reference: url,https://any.run/malware-trends/njrat; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3312620; rev:1; classtype:trojan-activity;)