mirror of
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
synced 2024-06-28 18:01:47 +00:00
54 lines
1.3 KiB
Plaintext
54 lines
1.3 KiB
Plaintext
#Domains
|
|
albdfhln.com
|
|
snbhdfln.com
|
|
enbdfhln.com
|
|
ksbfdlch.com
|
|
kobdflnh.com
|
|
alcgkown.com
|
|
encgkown.com
|
|
ksckgweo.com
|
|
sndvjpqt.com
|
|
sneomuwn.com
|
|
rxemuown.com
|
|
alfpmrnq.org
|
|
algspvqt.org
|
|
alhvrytw.org
|
|
aliyuown.org
|
|
koiyuwno.org
|
|
aljnwpyo.org
|
|
alkpmrnq.net
|
|
snkrpmnq.net
|
|
enkpmrnq.net
|
|
allqntpr.net
|
|
kolqnprt.net
|
|
almspvqt.net
|
|
alntqwrv.net
|
|
alovrytw.net
|
|
alvpnsor.in
|
|
alwqntpr.in
|
|
almspvru.net
|
|
enmspvru.net
|
|
alovsmtx.net
|
|
|
|
#IPs
|
|
169.239.128.110
|
|
95.213.246.242
|
|
190.115.18.241
|
|
185.144.83.85
|
|
209.99.40.222
|
|
5.45.86.234
|
|
208.91.197.91
|
|
37.1.202.157
|
|
208.100.26.251
|
|
185.82.203.225
|
|
54.37.205.28
|
|
146.185.239.17
|
|
|
|
#Samples:
|
|
b8ec727d4f97edaaa8ddeeac3673a1aed94ee95aacde5f93e66fc0db30c3dec8
|
|
770113543f9c189d306ea2984482ee445c9c4723a6e415cf7614b0a448f38b66
|
|
f33aaa2360e89fc9015cb14d9441b87f169a5ca0451aa9d9adfd440946212668
|
|
|
|
#Rules:
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"FlashPoint DMSniff UserAgent"; flow:established,to_server; content:"DSNF_"; http_user_agent; classtype:trojan-activity; sid:9000030; rev:1; metadata:author Jason Reaves;)
|
|
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"FlashPoint DMSniff Checkin Response"; flow:established,to_client; content:"200"; http_stat_code; content:"<title>Error</title>"; content:"<!-"; within: 20; content:"->This Account Has Been Suspended"; http_server_body; classtype:trojan-activity; sid:9000031; rev:1; metadata:author Jason Reaves;) |