# # Emerging Threats BRO RBN rules. # # Rules to detect known Russian Business Network (RBN) hosts. These lists are updated daily or better from many sources # # We do not necessarily declare that these hosts are all bad, or that RBN is inherently an evil organization. Use this # information as you see fit. # # More information available at doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork # # Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list # #************************************************************* # # Copyright (c) 2003-2008, Emerging Threats # All rights reserved. # # Redistribution and use in source and binary forms, with or without modification, are permitted provided that the # following conditions are met: # # * Redistributions of source code must retain the above copyright notice, this list of conditions and the following # disclaimer. # * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the # following disclaimer in the documentation and/or other materials provided with the distribution. # * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # #general hosts signature sid-2406000 { ip-proto == ip src-ip == local_nets dst-ip == 58.65.233.0/24,58.65.239.66/31,65.99.192.0/20,65.254.48.0/20,66.232.96.0/19,66.252.0.0/19,69.50.160.0/19,81.94.16.0/20,81.95.128.0/19,85.249.23.0/24,85.255.112.0/24,85.255.116.0/24,85.255.121.0/24,88.201.208.0/20,194.146.204.0/22,194.226.64.0/20,194.226.96.0/24,195.114.16.0/23,195.64.140.0/23,195.64.162.0/23,208.72.160.0/20 event "ET RBN Known Russian Business Network Traffic" } #individual general hosts signature sid-2406001 { ip-proto == ip src-ip == local_nets dst-ip == 62.140.208.131,62.140.208.197,62.154.15.154,65.254.54.178,66.252.1.255,67.18.179.15,67.19.24.168,67.19.24.169,67.19.24.170,67.19.24.171,67.19.24.172,67.19.24.173,67.19.24.174,67.19.24.175,67.19.72.205,67.19.72.206,67.137.217.219,72.10.164.69,72.20.14.3,72.20.25.134,74.54.31.196,80.70.239.253,84.45.24.53,84.45.47.130,84.45.90.141,85.133.4.138,89.149.186.77,89.149.186.81,89.149.186.89,193.93.232.6,195.66.226.151,213.200.78.66,213.200.79.194,213.200.80.46,216.180.244.179,217.118.119.26 event "ET RBN Known Russian Business Network Traffic" } #chinese signature sid-2406002 { ip-proto == ip src-ip == local_nets dst ip == 91.196.232.0/22,91.194.140.0/23,91.198.71.0/24,91.193.40.0/22,91.193.56.0/22,193.33.128.0/23,194.110.69.0/24,91.195.116.0/23 event "ET RBN Known Russian Business Network Traffic - Chinese Nets" } #Panamanian/Central America signature sid-2406003 { ip-proto == ip src-ip == local_nets dst ip == 200.115.160.0/20 event "ET RBN Known Russian Business Network Traffic - Central American Nets" } # Updated 2008-11-29 08:34:23 signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 115.126.2.116,115.126.2.117,115.126.2.118,115.126.2.121,115.126.2.141,115.126.2.233,115.126.2.8,116.50.12.0/22,116.50.14.185,116.50.8.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 116.50.9.0/24,119.47.81.140,124.155.149.57,129.44.190.77,189.19.60.29,190.15.64.203,190.15.72.0/21,190.15.73.222,190.183.63.0/24,190.20.51.206 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 190.210.10.169,190.210.10.20,190.210.10.242,190.210.10.30,190.210.10.31,190.210.10.32,193.138.232.0/22,193.19.138.0/24,193.200.29.177,193.27.246.249 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 193.33.128.0/23,193.33.144.226,194.1.152.1,194.109.11.65,194.110.161.0/24,194.110.69.0/24,194.126.174.124,194.135.105.203,194.135.22.0/24,194.145.235.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 194.145.235.2,194.145.235.3,194.146.204.0/22,194.187.103.116,194.226.64.0/20,194.42.154.26,194.54.90.246,194.67.0.0/18,194.85.105.17,194.90.224.86 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.114.16.0/23,195.161.113.204,195.161.113.218,195.2.253.25,195.2.253.31,195.2.253.32,195.2.253.35,195.2.253.36,195.2.253.38,195.2.253.39 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.225.177.0/24,195.3.144.0/22,195.42.102.27,195.42.103.40,195.42.103.41,195.42.103.80,195.42.103.84,195.42.103.91,195.5.116.0/24,195.5.117.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.64.140.0/23,195.64.162.0/23,195.64.190.1,195.66.132.0/24,195.95.218.0/23,196.2.198.240,198.63.210.0/24,198.63.211.208,198.63.211.8,199.237.229.158 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 200.115.160.0/20,200.155.17.172,200.46.83.245,200.63.45.0/24,200.63.45.19,200.63.48.105,200.63.48.140,201.212.0.243,202.174.106.50,202.174.106.51 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 202.174.106.52,202.187.140.0/24,202.187.141.0/24,202.191.61.27,202.71.102.0/24,202.73.57.22,202.75.35.222,202.95.104.0/24,203.117.0.0/16,203.121.0.0/17 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.169.139.84,203.22.204.226,204.13.160.15,204.13.161.136,204.13.161.177,204.14.110.38,204.16.252.100,204.16.252.112,204.16.252.8,204.42.254.5 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 205.134.191.187,205.234.197.209,205.252.166.58,205.252.166.60,205.252.166.61,206.161.120.0/24,206.161.126.0/24,206.161.193.131,206.161.200.0/24,206.251.244.252 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 206.51.225.217,206.53.51.155,207.176.7.0/24,207.210.112.209,207.210.85.61,207.226.167.94,207.226.173.0/24,207.226.175.0/24,207.226.179.0/24,207.226.182.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 207.44.164.50,208.101.11.160,208.101.11.161,208.101.11.162,208.101.11.163,208.101.11.164,208.101.11.165,208.101.11.166,208.101.11.167,208.101.41.224 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.101.41.225,208.101.41.226,208.101.41.227,208.101.41.228,208.101.41.229,208.101.41.230,208.101.41.231,208.101.43.67,208.101.56.100,208.109.203.164 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.110.80.170,208.122.40.22,208.122.40.253,208.43.232.224,208.43.27.11,208.43.41.0/24,208.43.73.230,208.66.192.0/22,208.72.160.0/20,208.72.168.0/21 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.72.173.0/24,208.73.210.121,208.73.210.32,208.73.210.50,208.79.82.0/24,208.80.184.202,208.80.184.203,208.85.181.67,208.85.181.68,208.85.181.69 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.85.181.70,208.87.148.0/23,208.87.242.120,208.87.33.150,208.88.224.0/24,208.88.51.100,208.88.51.105,208.88.53.0/24,208.98.22.0/24,209.123.181.85 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.160.20.116,209.160.21.125,209.160.65.62,209.160.68.98,209.160.71.110,209.200.60.137,209.200.63.169,209.200.63.179,209.200.63.184,209.200.91.44 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.250.227.0/24,209.250.230.0/24,209.250.232.0/24,209.250.235.0/24,209.250.236.0/24,209.250.237.0/24,209.51.155.138,209.51.196.248,209.59.177.9,209.59.181.47 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.59.181.48,209.62.20.153,209.62.20.163,209.62.72.250,209.63.57.10,209.67.214.194,209.67.214.61,209.67.214.62,209.67.215.178,209.8.19.133 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.8.24.0/24,209.8.47.0/24,209.85.51.0/24,209.85.84.0/24,209.9.170.194,210.145.102.19,210.51.180.239,210.51.25.120,211.139.106.172,211.152.33.4 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 211.95.79.242,212.100.224.219,212.118.48.210,212.24.53.0/24,212.62.98.114,212.77.128.0/20,213.155.0.200,213.155.1.46,213.155.2.104,213.155.4.72 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 213.171.219.234,213.174.136.62,213.174.141.108,213.174.142.0/24,213.180.204.8,213.186.33.80,213.189.9.176,213.189.9.75,213.81.152.54,216.118.117.15 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.118.117.156,216.118.117.160,216.130.188.207,216.15.150.177,216.188.26.0/24,216.195.37.251,216.195.40.64,216.195.44.0/24,216.195.48.45,216.195.49.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.50.0/24,216.195.56.86,216.195.56.87,216.195.56.88,216.195.57.40,216.195.58.20,216.195.58.38,216.195.59.120,216.195.59.144,216.195.59.157 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.59.75,216.195.59.77,216.195.59.78,216.195.59.79,216.195.59.80,216.195.59.82,216.195.59.83,216.195.61.0/24,216.195.62.0/24,216.195.63.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.240.134.208,216.240.134.211,216.255.176.0/20,216.32.76.87,216.32.78.18,216.34.131.135,216.34.94.184,216.40.230.4,216.40.33.252,216.7.89.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.8.179.24,216.83.44.0/22,216.83.60.0/22,216.86.155.41,217.106.233.10,217.106.233.9,217.106.234.193,217.107.218.70,217.107.34.7,217.146.87.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 217.159.201.18,217.16.27.38,217.16.29.51,217.170.64.0/20,217.170.77.155,217.171.66.245,217.199.217.9,217.199.218.50,217.20.121.38,217.26.144.122 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 217.28.146.253,217.75.203.10,217.75.98.213,218.106.90.227,218.107.207.40,218.16.225.50,218.244.147.129,218.5.81.148,218.6.2.195,218.85.139.33 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 218.93.202.102,220.196.42.220,24.244.141.80,24.244.171.69,38.100.93.0/24,38.117.90.45,38.97.225.166,4.16.224.183,58.65.232.0/21,58.65.237.49 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 59.34.216.143,60.191.252.68,60.220.248.57,62.176.16.0/22,62.176.16.0/23,62.176.16.10,62.176.16.11,62.176.16.154,62.176.16.161,62.176.16.203 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 62.176.16.41,62.176.16.66,62.176.16.73,62.176.16.8,62.176.17.15,62.176.17.200,62.176.17.61,62.176.17.8,62.176.17.85,62.176.17.90 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 62.176.18.2,62.176.19.2,62.4.83.129,63.208.196.104,63.214.247.170,63.217.30.58,63.219.178.186,63.219.178.190,63.219.178.218,63.219.178.227 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 63.219.178.82,63.219.178.85,63.219.178.89,63.219.178.90,63.251.171.80,63.251.171.81,63.251.83.74,63.251.92.0/24,64.111.196.0/24,64.111.197.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.124.222.0/24,64.14.244.60,64.150.176.14,64.18.144.0/24,64.191.16.149,64.191.78.0/24,64.202.189.170,64.21.144.140,64.21.182.152,64.21.182.153 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.21.182.154,64.21.182.155,64.21.182.156,64.21.182.157,64.21.182.158,64.21.182.159,64.21.182.160,64.21.37.41,64.21.37.43,64.21.37.88 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.21.37.89,64.21.37.90,64.21.37.91,64.21.37.92,64.21.37.93,64.21.37.94,64.21.37.98,64.235.57.21,64.247.16.208,64.247.16.215 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.247.49.31,64.247.58.168,64.255.172.50,64.26.155.161,64.28.176.0/20,64.28.187.0/24,64.32.13.153,64.32.21.3,64.32.5.0/24,64.34.46.60 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.40.103.249,64.40.118.10,64.40.118.8,64.69.68.0/24,64.70.19.33,64.86.133.220,64.86.133.221,64.86.133.224,64.86.17.13,64.86.17.17 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.86.17.20,64.86.17.30,64.86.17.43,64.86.17.44,64.94.117.193,64.94.31.67,65.23.153.152,65.23.153.197,65.23.153.78,65.243.103.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 65.254.54.178,65.254.54.179,65.98.15.47,65.98.19.103,66.11.154.210,66.113.163.254,66.115.136.52,66.129.68.65,66.135.41.29,66.150.120.131 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.150.161.136,66.150.161.137,66.150.161.140,66.150.161.141,66.152.78.69,66.152.78.70,66.152.78.75,66.172.83.223,66.172.83.224,66.197.170.5 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.199.232.222,66.199.242.18,66.199.242.19,66.199.248.195,66.212.19.146,66.230.162.35,66.232.105.254,66.232.111.112,66.232.113.44,66.232.113.45 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.232.113.62,66.232.126.189,66.232.126.190,66.235.180.194,66.244.254.0/24,66.246.222.32,66.246.222.33,66.246.235.32,66.246.235.42,66.246.237.0/27 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.246.72.50,66.249.28.153,66.249.5.0/24,66.249.5.25,66.252.0.0/19,66.29.11.144,66.29.15.140,66.29.15.141,66.29.50.174,66.29.50.176 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.29.50.183,66.33.195.58,66.35.111.73,66.39.5.165,66.45.236.162,66.7.213.144,66.7.219.192,66.70.156.114,67.130.99.0/24,67.137.217.219 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.15.184.7,67.15.47.0/24,67.15.62.181,67.18.179.0/24,67.19.24.170,67.19.72.202,67.205.75.0/24,67.205.93.165,67.207.71.171,67.207.71.174 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.210.0.0/20,67.210.12.0/23,67.210.14.0/23,67.220.66.0/24,67.220.67.0/24,67.220.72.0/24,67.220.73.0/24,67.220.74.0/24,67.220.75.0/24,67.225.151.248 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.225.151.254,67.225.151.4,67.228.10.28,67.228.10.29,67.228.111.217,67.228.112.232,67.228.112.233,67.228.112.234,67.228.112.235,67.228.137.255 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.228.222.240,67.228.222.241,67.228.222.242,67.228.222.243,67.228.222.244,67.228.222.245,67.228.222.246,67.228.222.247,67.228.224.78,67.228.237.248 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.228.237.249,67.228.237.251,67.43.226.154,67.43.230.125,67.43.230.98,67.43.230.99,67.43.236.107,67.43.236.11,67.43.236.114,67.43.236.123 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.43.236.15,67.43.236.16,67.43.236.245,67.43.239.57,67.43.239.58,67.55.81.0/24,68.178.232.100,68.178.232.143,68.178.232.91,68.178.232.97 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 68.178.232.99,68.178.254.125,69.1.78.0/24,69.20.104.139,69.20.104.41,69.20.117.228,69.20.68.36,69.20.68.41,69.20.71.82,69.20.71.83 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.22.162.0/23,69.22.168.0/21,69.22.184.0/22,69.25.27.170,69.25.27.173,69.251.151.205,69.28.252.35,69.31.128.0/24,69.31.40.0/21,69.31.64.0/20 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.31.80.0/21,69.31.91.46,69.39.224.0/24,69.41.183.0/24,69.42.216.0/24,69.46.228.45,69.50.160.0/19,69.64.145.0/24,69.64.147.20,69.64.147.21 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.64.147.249,69.64.155.0/24,69.64.159.1,69.64.33.149,69.64.33.24,69.64.33.242,69.65.5.110,69.65.5.111,69.65.5.122,69.72.255.8 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.93.226.154,70.38.19.203,70.85.114.186,70.86.196.66,70.87.222.138,72.10.160.2,72.10.172.0/24,72.10.173.139,72.167.195.124,72.167.195.125 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.20.24.0/24,72.20.25.0/24,72.21.45.235,72.232.117.84,72.232.242.250,72.232.254.170,72.233.43.2,72.233.50.129,72.233.50.145,72.233.50.151 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.233.60.0/24,72.233.63.93,72.233.76.10,72.233.89.148,72.233.89.151,72.32.134.197,72.32.242.169,72.32.242.170,72.32.48.189,72.36.133.170 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.36.153.62,72.44.67.5,72.44.67.7,72.44.67.8,72.52.140.4,72.9.98.0/24,74.200.220.211,74.200.220.212,74.200.220.213,74.208.128.155 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.50.108.226,74.50.109.254,74.50.110.184,74.50.110.20,74.50.110.21,74.50.110.22,74.50.110.226,74.50.110.23,74.50.110.24,74.52.126.2 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.52.32.0/24,74.53.169.2,74.54.156.234,74.54.219.98,74.54.22.195,74.54.29.67,74.54.29.70,74.54.82.0/24,74.55.100.8,74.55.113.34 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.55.158.58,74.86.100.164,74.86.100.165,74.86.100.166,74.86.100.167,74.86.115.0/24,74.86.115.18,74.86.115.3,74.86.115.4,74.86.115.8 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.86.147.128,74.86.147.130,74.86.147.131,74.86.147.133,74.86.147.134,74.86.147.135,74.86.147.140,74.86.147.141,74.86.147.142,74.86.147.143 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.86.147.144,74.86.147.145,74.86.147.146,74.86.147.147,74.86.147.148,74.86.147.149,74.86.147.150,74.86.147.151,74.86.147.152,74.86.147.153 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.86.147.154,74.86.147.155,74.86.147.156,74.86.147.157,74.86.147.158,74.86.147.159,74.86.147.4,74.86.147.5,74.86.147.6,74.86.147.7 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.86.147.72,74.86.147.73,74.86.147.77,74.86.154.0/24,74.86.154.10,74.86.154.11,74.86.154.12,74.86.154.13,74.86.154.14,74.86.154.15 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.86.154.8,74.86.154.9,74.86.207.103,74.86.22.177,75.101.129.55,75.125.200.226,75.125.215.35,75.125.241.58,75.126.142.108,75.126.22.187 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 75.126.22.190,75.126.25.209,75.126.25.211,75.126.3.176,75.126.3.177,75.126.3.178,75.126.3.181,75.126.3.191,75.126.75.50,75.126.75.53 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 75.126.85.199,75.127.81.214,76.74.249.30,76.74.249.5,77.220.177.0/24,77.221.128.0/19,77.244.211.0/24,77.244.220.0/24,77.245.61.0/24,77.73.98.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 77.91.224.0/21,77.91.229.55,77.92.88.0/24,78.108.177.103,78.108.177.104,78.108.177.2,78.108.177.3,78.108.177.31,78.108.177.32,78.108.177.34 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.108.177.94,78.108.178.208,78.108.178.25,78.108.179.100,78.108.179.213,78.108.179.23,78.108.179.71,78.108.179.73,78.108.179.77,78.108.180.18 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.108.180.90,78.108.182.164,78.108.183.227,78.109.16.219,78.109.28.144,78.129.142.0/24,78.129.166.0/24,78.129.202.0/24,78.129.223.19,78.140.139.105 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.140.145.144,78.143.16.7,78.157.129.71,78.157.141.0/24,78.157.142.0/24,78.157.143.0/24,78.159.101.166,78.159.102.99,78.159.106.193,78.159.106.197 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.159.112.25,78.159.112.43,78.159.114.175,78.159.118.144,78.159.118.207,78.159.118.215,78.159.118.217,78.159.118.218,78.159.118.62,78.159.96.16 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.159.96.42,78.159.98.217,78.159.98.93,78.26.179.230,78.26.179.246,78.26.179.248,78.46.86.4,78.47.168.82,79.132.198.0/24,79.135.160.0/19 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 79.135.167.0/24,79.135.187.16,79.135.187.24,79.135.187.3,79.135.187.43,79.135.187.58,79.143.176.0/22,79.170.40.21,79.170.40.38,79.71.239.81 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 80.70.224.0/20,80.77.80.0/20,80.90.114.11,80.90.118.37,80.91.177.106,80.91.76.147,80.91.76.148,80.91.76.149,80.91.76.150,80.91.76.151 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 80.91.76.152,80.91.76.153,80.91.76.154,80.93.50.149,80.93.57.211,81.176.232.102,81.177.8.136,81.177.8.137,81.177.8.162,81.22.60.153 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 81.94.16.0/20,81.95.128.0/19,81.95.144.0/20,81.95.156.0/22,82.103.137.14,82.103.138.10,82.110.105.3,82.144.242.175,82.146.33.103,82.146.35.143 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 82.146.43.2,82.146.43.3,82.146.55.23,82.146.55.35,82.146.56.0/21,82.166.132.221,82.200.96.0/23,82.204.219.135,82.98.235.155,82.98.235.24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 82.98.235.52,82.98.86.161,82.98.86.162,82.98.86.166,82.98.86.171,82.98.86.173,83.142.230.169,83.142.230.175,83.142.230.44,83.142.230.45 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 83.143.81.10,83.149.105.88,83.149.72.171,83.149.72.172,83.149.74.250,83.170.116.39,83.171.76.98,83.171.76.99,83.19.144.26,83.222.0.0/19 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 84.16.224.183,84.16.228.142,84.16.228.143,84.16.236.16,84.16.240.233,84.16.252.138,84.16.252.73,84.243.196.130,84.243.196.132,84.243.196.136 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 84.243.196.137,84.243.196.6,84.243.197.10,84.243.197.183,84.243.197.184,84.243.197.191,84.243.197.197,84.243.197.45,84.243.200.143,84.243.200.147 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 84.243.213.39,84.243.252.88,85.17.162.100,85.17.19.118,85.17.4.0/24,85.17.45.0/24,85.17.94.16,85.192.34.156,85.255.112.0/21,85.255.120.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 85.255.121.0/24,85.64.2.247,87.117.252.0/24,87.117.255.0/24,87.118.116.11,87.118.117.11,87.118.118.80,87.118.69.108,87.121.76.9,87.230.25.199 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 87.237.13.203,87.238.162.146,87.242.90.0/24,87.248.180.0/24,87.251.53.97,87.3.36.91,87.98.222.197,88.198.58.147,88.198.8.15,88.201.208.0/20 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 88.208.16.144,88.208.16.147,88.208.17.1,88.208.17.116,88.208.21.16,88.214.192.0/18,88.214.202.0/24,88.214.225.32,88.214.228.200,88.255.0.0/17 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 88.255.90.0/24,88.255.94.0/24,88.85.82.148,89.104.71.235,89.108.68.31,89.108.73.87,89.108.73.98,89.108.74.33,89.108.91.7,89.108.95.135 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.111.188.155,89.149.194.201,89.149.200.79,89.149.202.115,89.149.202.254,89.149.206.56,89.149.208.179,89.149.208.44,89.149.209.117,89.149.209.160 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.209.161,89.149.220.0/24,89.149.221.182,89.149.226.0/24,89.149.227.0/24,89.149.235.235,89.149.241.0/24,89.149.242.128,89.149.244.204,89.149.251.111 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.251.130,89.149.251.203,89.149.251.33,89.149.251.43,89.149.251.44,89.149.251.56,89.149.252.19,89.149.253.215,89.149.254.12,89.149.254.46 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.255.190,89.149.255.191,89.149.255.34,89.149.255.35,89.18.181.0/24,89.18.189.44,89.187.48.0/24,89.188.112.0/24,89.188.16.12,89.248.172.154 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.248.172.155,89.248.172.58,91.121.140.44,91.142.209.26,91.192.106.0/23,91.193.40.0/22,91.193.56.0/22,91.194.140.0/23,91.194.76.0/23,91.195.116.0/23 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.196.232.0/22,91.197.130.20,91.197.130.21,91.197.160.20,91.198.71.0/24,91.199.112.7,91.199.112.8,91.200.144.0/23,91.200.144.1,91.200.144.105 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.200.146.200,91.200.146.201,91.200.146.4,91.200.146.8,91.203.68.0/22,91.203.92.0/22,91.203.92.0/24,91.203.93.16,91.203.93.22,91.203.93.23 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.203.93.25,91.203.93.61,91.206.231.140,91.207.116.0/23,91.207.116.2,91.207.116.3,91.207.117.171,91.207.117.174,91.207.117.2,91.207.117.242 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.207.117.251,91.208.0.0/24,91.21.88.146,92.241.162.135,92.241.162.136,92.241.162.143,92.241.163.27,92.241.163.30,92.241.163.31,92.241.163.32 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 92.241.163.33,92.241.163.34,92.241.163.50,92.241.170.130,92.241.177.70,92.48.122.60,92.48.122.61,92.48.201.0/24,92.62.100.0/24,92.62.101.0/24 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 92.62.96.0/24,92.62.98.0/24,92.63.104.165,92.63.97.192,93.174.92.66,93.174.93.110,93.183.194.0/24,93.183.194.20,93.183.194.23,93.183.194.28 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 93.188.160.0/21,93.190.137.99,93.190.138.238,93.190.138.239,93.190.139.0/24,93.190.140.134,93.190.140.135,94.102.48.64,94.102.48.65,94.102.49.11 event "ET RBN Known Russian Business Network Monitored Domains" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 94.102.49.3,94.102.49.39,94.102.49.4,94.102.49.41,94.102.49.5,94.102.49.71,94.102.49.72,94.102.50.130,94.102.50.131,94.102.60.57 event "ET RBN Known Russian Business Network Monitored Domains" }