PAW-PATRULES_SPALAX_IP.rules
# KXK00OOkxxkO00KX0
# ,NXKxo:,'... ...';cdOXN:
# l;. ..,:ldxkOOOOOOkkxol:,.. .o
# dk lOOOOOOkkkkkkkkkkkOOOOOOx dk
# KNXOc. :0OkkkkkkkkkkkkkkkkkkkkkO0l. :kXNX
# x. .'ckOOkkkkkkkkkkkookkkkkkkkkkOOOl,. .k
# d. o0Okkkkkkkkkkkkk. okkkkkkkkkkOO0k x
# l. c0kkkkkkko. .ckk .kd..'xkkkkkk0x .o
# ;, ;0kkkkkkkc ;ko. .dk. :kkkkkk0l ':
# .l .OOkkkkkkkl. .lkocldkkl. 'xkkkkkOO, c.
# l o0kkkk:..'dkkk. .;okkkkkkkkk0x l
# .: .OOkkk; xk, .:kkkkkO0; ;.
# ;. :0kkkko;,cko :kkkk0d .:
# : oOkkkkkkkk .dkkk0k. :
# : dOkkkkkkk .:odxkkkkkOk. ;
# ; oOkkkkkkx:,,ckkkkkkkkkkOx. ,
# '. ;OOkkkkkkkkkkkkkkkkkOOc '
# ' .lOOkkkkkkkkkkkkkOOd. .
# . .lOOkkkkkkkkkOOo' ..
# ' .;dOOOkOOOx:. .
# .. .,lxo;. ..
# .. ..
#
# ____ ___ __ ____ _ _
#| _ \ / \ \ / / | _ \ __ _| |_ _ __ _ _| | ___ ___
#| |_) / _ \ \ /\ / / | |_) / _` | __| '__| | | | |/ _ \/ __|
#| __/ ___ \ V V / | __/ (_| | |_| | | |_| | | __/\__ \
#|_| /_/ \_\_/\_/ |_| \__,_|\__|_| \__,_|_|\___||___/
#
# IDS Rules for Suricata
# π Charles BLANC-ROLIN β ΅ - https://pawpatrules.fr - https://www.apssis.com - https://github.com/woundride
# Licence CC BY-NC-SA 4.0 : https://creativecommons.org/licenses/by-nc-sa/4.0/
# π Spalax - IP
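# Spalax C2 indicators: one IP-only rule per address (sid 3314937-3315001).
# Every rule raises a trojan-activity alert for any IP traffic sent to the listed address.
#
# Review notes:
# - The two `reference` options were fused in every rule: the first URL ended in
#   "spala" with no closing `;`, so the text up to the next `;` was read as a single
#   reference value. They are separated again below and the first URL is restored
#   to ".../spalax" - confirm that path against the ESET malware-ioc repository.
# - The source is `any`, so a rule fires for any sender, not only hosts on the
#   monitored network, although msg says "Outgoing connection". Use $HOME_NET as
#   the source if only internal hosts should alert.
# - All indicators carry created_at/updated_at 2021_01_23 and rev:1. IP addresses
#   get reassigned over time, so treat a hit as a lead to corroborate with other
#   telemetry rather than as proof of compromise.
# - rev and updated_at are left as found; bump both when this correction is deployed.
alert ip any any -> 179.14.171.7 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314937; rev:1; classtype:trojan-activity;)
alert ip any any -> 179.14.173.93 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314938; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.131.216.115 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314939; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.131.228.204 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314940; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.131.231.245 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314941; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.131.237.247 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314942; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.137.112.215 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314943; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.137.113.205 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314944; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.137.118.201 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314945; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.137.119.97 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314946; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.137.123.124 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314947; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.137.124.132 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314948; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.140.198.107 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314949; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.140.212.168 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314950; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.140.213.212 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314951; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.140.213.213 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314952; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.142.172.125 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314953; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.142.179.66 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314954; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.142.184.22 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314955; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.49.90.193 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314956; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.100.157 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314957; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.102.87 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314958; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.103.140 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314959; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.104.2 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314960; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.107.55 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314961; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.108.50 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314962; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.110.207 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314963; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.113.142 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314964; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.113.157 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314965; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.113.230 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314966; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.113.57 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314967; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.113.83 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314968; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.52.252.110 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314969; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.58.132.31 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314970; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.58.133.54 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314971; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.58.152.42 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314972; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.58.154.33 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314973; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.58.155.117 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314974; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.59.9.81 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314975; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.61.169.163 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314976; rev:1; classtype:trojan-activity;)
alert ip any any -> 181.61.170.142 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314977; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.145.214.167 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314978; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.145.214.199 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314979; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.145.214.25 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314980; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.146.240.244 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314981; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.147.55.135 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314982; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.147.55.19 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314983; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.81.119.4 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314984; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.82.241.203 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314985; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.82.242.6 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314986; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.85.86.143 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314987; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.85.86.196 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314988; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.85.86.226 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314989; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.85.86.26 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314990; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.85.87.246 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314991; rev:1; classtype:trojan-activity;)
alert ip any any -> 186.85.87.48 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314992; rev:1; classtype:trojan-activity;)
alert ip any any -> 190.159.206.164 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314993; rev:1; classtype:trojan-activity;)
alert ip any any -> 191.88.217.14 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314994; rev:1; classtype:trojan-activity;)
alert ip any any -> 200.116.77.118 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314995; rev:1; classtype:trojan-activity;)
alert ip any any -> 128.90.108.132 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314996; rev:1; classtype:trojan-activity;)
alert ip any any -> 128.90.108.177 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314997; rev:1; classtype:trojan-activity;)
alert ip any any -> 128.90.112.34 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314998; rev:1; classtype:trojan-activity;)
alert ip any any -> 128.90.112.142 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3314999; rev:1; classtype:trojan-activity;)
alert ip any any -> 128.90.115.100 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3315000; rev:1; classtype:trojan-activity;)
alert ip any any -> 128.90.115.244 any (msg:"πΎ - π¨ Outgoing connection β π C2 π Spalax"; reference: url,https://github.com/eset/malware-ioc/tree/master/spalax; reference: url,https://www.eset.com/na/about/newsroom/press-releases/malwares-decouverts/operation-spalax-attaques-ciblees/; metadata:created_at 2021_01_23, updated_at 2021_01_23; sid:3315001; rev:1; classtype:trojan-activity;)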