PAW-PATRULES_UNC2447_IP.rules
# KXK00OOkxxkO00KX0
# ,NXKxo:,'... ...';cdOXN:
# l;. ..,:ldxkOOOOOOkkxol:,.. .o
# dk lOOOOOOkkkkkkkkkkkOOOOOOx dk
# KNXOc. :0OkkkkkkkkkkkkkkkkkkkkkO0l. :kXNX
# x. .'ckOOkkkkkkkkkkkookkkkkkkkkkOOOl,. .k
# d. o0Okkkkkkkkkkkkk. okkkkkkkkkkOO0k x
# l. c0kkkkkkko. .ckk .kd..'xkkkkkk0x .o
# ;, ;0kkkkkkkc ;ko. .dk. :kkkkkk0l ':
# .l .OOkkkkkkkl. .lkocldkkl. 'xkkkkkOO, c.
# l o0kkkk:..'dkkk. .;okkkkkkkkk0x l
# .: .OOkkk; xk, .:kkkkkO0; ;.
# ;. :0kkkko;,cko :kkkk0d .:
# : oOkkkkkkkk .dkkk0k. :
# : dOkkkkkkk .:odxkkkkkOk. ;
# ; oOkkkkkkx:,,ckkkkkkkkkkOx. ,
# '. ;OOkkkkkkkkkkkkkkkkkOOc '
# ' .lOOkkkkkkkkkkkkkOOd. .
# . .lOOkkkkkkkkkOOo' ..
# ' .;dOOOkOOOx:. .
# .. .,lxo;. ..
# .. ..
#
# ____ ___ __ ____ _ _
#| _ \ / \ \ / / | _ \ __ _| |_ _ __ _ _| | ___ ___
#| |_) / _ \ \ /\ / / | |_) / _` | __| '__| | | | |/ _ \/ __|
#| __/ ___ \ V V / | __/ (_| | |_| | | |_| | | __/\__ \
#|_| /_/ \_\_/\_/ |_| \__,_|\__|_| \__,_|_|\___||___/
#
# IDS Rules for Suricata
# π Charles BLANC-ROLIN β ΅ - https://pawpatrules.fr - https://www.apssis.com - https://github.com/woundride
# Licence CC BY-NC-SA 4.0 : https://creativecommons.org/licenses/by-nc-sa/4.0/
# πΏ UNC2447 - IP
# UNC2447 C2 destinations (no malware family named in msg).
# Each rule is IP-only: protocol `ip`, source `any any`, destination port `any`, and no
# flow or payload options, so traffic the sensor sees toward the listed address matches
# regardless of protocol or port.
# The msg text says "Outgoing connection", but the source is `any` rather than $HOME_NET.
# NOTE(review): confirm whether matches from non-local sources are intended.
# `->` is one-way: packets coming back from the address are not matched by these rules.
# The indicators are dated 2021_05_03 and still at rev:1. IP ownership changes over time,
# so re-validate against the referenced report before treating a hit as confirmed C2.
# NOTE(review): the `reference: url,` value carries an https:// scheme; Suricata's documented
# form omits the scheme. Confirm how alert consumers render it.
alert ip any any -> 64.227.24.12 any (msg:"πΎ - π¨ Outgoing connection β π C2 - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321028; rev:1; classtype:trojan-activity;)
alert ip any any -> 157.230.184.142 any (msg:"πΎ - π¨ Outgoing connection β π C2 - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321029; rev:1; classtype:trojan-activity;)
# C2 destinations tagged SOMBRAT in msg. Same IP-only shape as the rules above:
# any source, any destination port, one-way (`->`), no flow or payload options.
# A hit only shows that a packet was addressed to the IP; it carries no protocol or
# payload evidence, so correlate with host or DNS telemetry before escalating.
alert ip any any -> 23.204.122.173 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321030; rev:1; classtype:trojan-activity;)
alert ip any any -> 7.217.235.205 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321031; rev:1; classtype:trojan-activity;)
# NOTE(review): 250.248.152.212 lies in 240.0.0.0/4 (reserved, not routable on the Internet),
# so it is not expected to be a reachable C2 endpoint. Verify this indicator against the
# referenced report before relying on the rule.
alert ip any any -> 250.248.152.212 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321032; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.181.64.79 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321033; rev:1; classtype:trojan-activity;)
alert ip any any -> 90.216.213.184 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321034; rev:1; classtype:trojan-activity;)
alert ip any any -> 66.185.198.92 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321035; rev:1; classtype:trojan-activity;)
alert ip any any -> 55.101.148.101 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321036; rev:1; classtype:trojan-activity;)
alert ip any any -> 139.13.105.172 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321037; rev:1; classtype:trojan-activity;)
alert ip any any -> 51.89.166.226 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321038; rev:1; classtype:trojan-activity;)
alert ip any any -> 60.5.215.62 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321039; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.156.27.233 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321040; rev:1; classtype:trojan-activity;)
alert ip any any -> 86.105.252.79 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321041; rev:1; classtype:trojan-activity;)
alert ip any any -> 71.146.182.128 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321042; rev:1; classtype:trojan-activity;)
alert ip any any -> 143.192.7.225 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321043; rev:1; classtype:trojan-activity;)
alert ip any any -> 24.20.246.76 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321044; rev:1; classtype:trojan-activity;)
# SOMBRAT-tagged destination rules, sids 3321045-3321059 (IP-only: any source, any port, one-way).
# NOTE(review): the next three destinations are not unicast Internet addresses:
# 234.205.139.127 and 238.29.68.183 fall in 224.0.0.0/4 (multicast), and 243.6.53.73 falls in
# 240.0.0.0/4 (reserved). A host cannot hold a C2 session with such an address, so these
# entries presumably come from an indicator field that is not a real endpoint. Verify them
# against the referenced report.
alert ip any any -> 234.205.139.127 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321045; rev:1; classtype:trojan-activity;)
alert ip any any -> 238.29.68.183 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321046; rev:1; classtype:trojan-activity;)
alert ip any any -> 243.6.53.73 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321047; rev:1; classtype:trojan-activity;)
alert ip any any -> 16.171.115.188 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321048; rev:1; classtype:trojan-activity;)
alert ip any any -> 203.187.175.197 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321049; rev:1; classtype:trojan-activity;)
alert ip any any -> 118.186.113.10 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321050; rev:1; classtype:trojan-activity;)
alert ip any any -> 135.179.1.53 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321051; rev:1; classtype:trojan-activity;)
alert ip any any -> 194.32.76.228 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321052; rev:1; classtype:trojan-activity;)
alert ip any any -> 93.115.22.111 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321053; rev:1; classtype:trojan-activity;)
alert ip any any -> 164.210.48.72 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321054; rev:1; classtype:trojan-activity;)
alert ip any any -> 113.148.125.11 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321055; rev:1; classtype:trojan-activity;)
alert ip any any -> 218.155.36.185 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321056; rev:1; classtype:trojan-activity;)
alert ip any any -> 1.87.162.8 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321057; rev:1; classtype:trojan-activity;)
alert ip any any -> 12.94.144.174 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321058; rev:1; classtype:trojan-activity;)
alert ip any any -> 110.189.254.154 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321059; rev:1; classtype:trojan-activity;)
# SOMBRAT-tagged destination rules, sids 3321060-3321074 (IP-only: any source, any port, one-way).
# All share one reference URL and one creation date, so the sid is the only field that
# tells which indicator fired. Keep the sid-to-IP mapping at hand when triaging alerts.
alert ip any any -> 97.217.250.40 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321060; rev:1; classtype:trojan-activity;)
alert ip any any -> 80.189.176.187 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321061; rev:1; classtype:trojan-activity;)
alert ip any any -> 43.115.146.34 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321062; rev:1; classtype:trojan-activity;)
alert ip any any -> 88.102.254.193 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321063; rev:1; classtype:trojan-activity;)
alert ip any any -> 160.177.80.121 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321064; rev:1; classtype:trojan-activity;)
alert ip any any -> 43.114.64.1 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321065; rev:1; classtype:trojan-activity;)
alert ip any any -> 69.142.228.85 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321066; rev:1; classtype:trojan-activity;)
# NOTE(review): 228.144.112.158 lies in 224.0.0.0/4 (multicast), so it is not a unicast C2
# endpoint. Verify this indicator against the referenced report.
alert ip any any -> 228.144.112.158 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321067; rev:1; classtype:trojan-activity;)
alert ip any any -> 111.75.178.121 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321068; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.30.195.230 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321069; rev:1; classtype:trojan-activity;)
alert ip any any -> 110.221.133.240 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321070; rev:1; classtype:trojan-activity;)
alert ip any any -> 214.91.94.102 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321071; rev:1; classtype:trojan-activity;)
# NOTE(review): 228.153.133.105 lies in 224.0.0.0/4 (multicast). Verify this indicator.
alert ip any any -> 228.153.133.105 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321072; rev:1; classtype:trojan-activity;)
alert ip any any -> 98.105.68.199 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321073; rev:1; classtype:trojan-activity;)
# NOTE(review): 251.70.93.188 lies in 240.0.0.0/4 (reserved, not routable). Verify this indicator.
alert ip any any -> 251.70.93.188 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321074; rev:1; classtype:trojan-activity;)
# SOMBRAT-tagged destination rules, sids 3321075-3321089 (IP-only: any source, any port, one-way).
# classtype is trojan-activity on every rule; nothing in the rule separates a single stray
# packet from sustained beaconing, so judge severity from surrounding telemetry.
alert ip any any -> 64.23.63.48 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321075; rev:1; classtype:trojan-activity;)
alert ip any any -> 199.6.2.56 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321076; rev:1; classtype:trojan-activity;)
alert ip any any -> 195.41.164.159 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321077; rev:1; classtype:trojan-activity;)
alert ip any any -> 15.72.249.115 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321078; rev:1; classtype:trojan-activity;)
alert ip any any -> 106.74.214.131 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321079; rev:1; classtype:trojan-activity;)
alert ip any any -> 57.250.79.147 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321080; rev:1; classtype:trojan-activity;)
alert ip any any -> 64.185.160.129 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321081; rev:1; classtype:trojan-activity;)
alert ip any any -> 23.142.236.49 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321082; rev:1; classtype:trojan-activity;)
# NOTE(review): 249.109.21.174 lies in 240.0.0.0/4 (reserved, not routable on the Internet).
# Verify this indicator against the referenced report.
alert ip any any -> 249.109.21.174 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321083; rev:1; classtype:trojan-activity;)
alert ip any any -> 53.13.150.137 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321084; rev:1; classtype:trojan-activity;)
alert ip any any -> 59.137.142.197 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321085; rev:1; classtype:trojan-activity;)
alert ip any any -> 1.226.125.155 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321086; rev:1; classtype:trojan-activity;)
alert ip any any -> 175.220.224.250 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321087; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.136.218.101 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321088; rev:1; classtype:trojan-activity;)
alert ip any any -> 218.1.98.253 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321089; rev:1; classtype:trojan-activity;)
# SOMBRAT-tagged destination rules, sids 3321090-3321104 (IP-only: any source, any port, one-way).
# NOTE(review): 250.141.9.96 (first rule below) lies in 240.0.0.0/4 (reserved, not routable
# on the Internet). Verify this indicator against the referenced report.
alert ip any any -> 250.141.9.96 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321090; rev:1; classtype:trojan-activity;)
alert ip any any -> 147.237.163.249 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321091; rev:1; classtype:trojan-activity;)
alert ip any any -> 22.18.183.161 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321092; rev:1; classtype:trojan-activity;)
alert ip any any -> 3.146.125.57 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321093; rev:1; classtype:trojan-activity;)
alert ip any any -> 120.220.58.75 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321094; rev:1; classtype:trojan-activity;)
alert ip any any -> 83.241.67.136 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321095; rev:1; classtype:trojan-activity;)
alert ip any any -> 203.70.58.233 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321096; rev:1; classtype:trojan-activity;)
alert ip any any -> 136.217.227.155 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321097; rev:1; classtype:trojan-activity;)
alert ip any any -> 193.35.69.205 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321098; rev:1; classtype:trojan-activity;)
alert ip any any -> 143.202.17.19 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321099; rev:1; classtype:trojan-activity;)
alert ip any any -> 89.64.167.155 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321100; rev:1; classtype:trojan-activity;)
alert ip any any -> 69.231.159.108 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321101; rev:1; classtype:trojan-activity;)
alert ip any any -> 104.5.88.143 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321102; rev:1; classtype:trojan-activity;)
alert ip any any -> 221.224.214.208 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321103; rev:1; classtype:trojan-activity;)
# NOTE(review): 252.34.187.140 lies in 240.0.0.0/4 (reserved, not routable). Verify this indicator.
alert ip any any -> 252.34.187.140 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321104; rev:1; classtype:trojan-activity;)
# SOMBRAT-tagged destination rules, sids 3321105-3321120 (IP-only: any source, any port, one-way).
# Each indicator is a separate rule that differs only in destination IP and sid.
# NOTE(review): if the list keeps growing, a single rule over an address group or an
# IP-reputation list would be easier to maintain. Confirm this fits the deployment first.
alert ip any any -> 139.128.80.98 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321105; rev:1; classtype:trojan-activity;)
alert ip any any -> 83.127.175.111 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321106; rev:1; classtype:trojan-activity;)
alert ip any any -> 110.170.34.18 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321107; rev:1; classtype:trojan-activity;)
alert ip any any -> 135.47.23.39 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321108; rev:1; classtype:trojan-activity;)
alert ip any any -> 96.144.97.253 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321109; rev:1; classtype:trojan-activity;)
alert ip any any -> 12.69.233.165 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321110; rev:1; classtype:trojan-activity;)
alert ip any any -> 200.70.98.191 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321111; rev:1; classtype:trojan-activity;)
alert ip any any -> 194.228.52.50 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321112; rev:1; classtype:trojan-activity;)
# NOTE(review): 248.107.221.185 lies in 240.0.0.0/4 (reserved, not routable on the Internet).
# Verify this indicator against the referenced report.
alert ip any any -> 248.107.221.185 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321113; rev:1; classtype:trojan-activity;)
alert ip any any -> 6.23.45.209 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321114; rev:1; classtype:trojan-activity;)
alert ip any any -> 95.105.152.207 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321115; rev:1; classtype:trojan-activity;)
alert ip any any -> 141.193.143.175 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321116; rev:1; classtype:trojan-activity;)
alert ip any any -> 104.124.199.3 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321117; rev:1; classtype:trojan-activity;)
# NOTE(review): 17.0.0.0/8 is allocated to Apple. Confirm this indicator before enabling,
# since legitimate traffic to that range could match.
alert ip any any -> 17.104.38.252 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321118; rev:1; classtype:trojan-activity;)
alert ip any any -> 110.22.84.175 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321119; rev:1; classtype:trojan-activity;)
alert ip any any -> 38.48.0.49 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321120; rev:1; classtype:trojan-activity;)
alert ip any any -> 247.124.194.206 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321121; rev:1; classtype:trojan-activity;)
alert ip any any -> 225.17.149.238 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321122; rev:1; classtype:trojan-activity;)
alert ip any any -> 215.212.59.135 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321123; rev:1; classtype:trojan-activity;)
alert ip any any -> 160.166.145.59 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321124; rev:1; classtype:trojan-activity;)
alert ip any any -> 49.147.220.73 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321125; rev:1; classtype:trojan-activity;)
alert ip any any -> 226.56.231.173 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321126; rev:1; classtype:trojan-activity;)
alert ip any any -> 222.241.58.90 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321127; rev:1; classtype:trojan-activity;)
alert ip any any -> 31.94.228.193 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321128; rev:1; classtype:trojan-activity;)
alert ip any any -> 201.194.50.37 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321129; rev:1; classtype:trojan-activity;)
alert ip any any -> 84.227.85.146 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321130; rev:1; classtype:trojan-activity;)
alert ip any any -> 36.97.81.223 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321131; rev:1; classtype:trojan-activity;)
alert ip any any -> 138.190.163.247 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321132; rev:1; classtype:trojan-activity;)
alert ip any any -> 71.149.237.190 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321133; rev:1; classtype:trojan-activity;)
alert ip any any -> 240.135.239.246 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321134; rev:1; classtype:trojan-activity;)
alert ip any any -> 43.50.249.207 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321135; rev:1; classtype:trojan-activity;)
alert ip any any -> 206.187.104.159 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321136; rev:1; classtype:trojan-activity;)
alert ip any any -> 58.50.22.173 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321137; rev:1; classtype:trojan-activity;)
alert ip any any -> 51.89.50.152 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321138; rev:1; classtype:trojan-activity;)
alert ip any any -> 248.186.24.203 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321139; rev:1; classtype:trojan-activity;)
alert ip any any -> 132.161.57.226 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321140; rev:1; classtype:trojan-activity;)
alert ip any any -> 230.139.117.46 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321141; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.150.117.149 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321142; rev:1; classtype:trojan-activity;)
alert ip any any -> 36.73.0.0 any (msg:"πΎ - π¨ Outgoing connection β π C2 π SOMBRAT - UNC2447"; reference: url,https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html; metadata:created_at 2021_05_03, updated_at 2021_05_03; sid:3321143; rev:1; classtype:trojan-activity;)