# # Emerging Threats BRO RBN rules. # # Rules to detect known Russian Business Network (RBN) hosts. These lists are updated daily or better from many sources # # We do not necessarily declare that these hosts are all bad, or that RBN is inherently an evil organization. Use this # information as you see fit. # # More information available at doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork # # Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list # #************************************************************* # # Copyright (c) 2003-2008, Emerging Threats # All rights reserved. # # Redistribution and use in source and binary forms, with or without modification, are permitted provided that the # following conditions are met: # # * Redistributions of source code must retain the above copyright notice, this list of conditions and the following # disclaimer. # * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the # following disclaimer in the documentation and/or other materials provided with the distribution. # * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # #general hosts signature sid-2406000 { ip-proto == ip src-ip == local_nets dst-ip == 58.65.233.0/24,58.65.239.66/31,65.99.192.0/20,65.254.48.0/20,66.232.96.0/19,66.252.0.0/19,69.50.160.0/19,81.94.16.0/20,81.95.128.0/19,85.249.23.0/24,85.255.112.0/24,85.255.116.0/24,85.255.121.0/24,88.201.208.0/20,194.146.204.0/22,194.226.64.0/20,194.226.96.0/24,195.114.16.0/23,195.64.140.0/23,195.64.162.0/23,208.72.160.0/20 event "ET RBN Known Russian Business Network Traffic" } #individual general hosts signature sid-2406001 { ip-proto == ip src-ip == local_nets dst-ip == 62.140.208.131,62.140.208.197,62.154.15.154,65.254.54.178,66.252.1.255,67.18.179.15,67.19.24.168,67.19.24.169,67.19.24.170,67.19.24.171,67.19.24.172,67.19.24.173,67.19.24.174,67.19.24.175,67.19.72.205,67.19.72.206,67.137.217.219,72.10.164.69,72.20.14.3,72.20.25.134,74.54.31.196,80.70.239.253,84.45.24.53,84.45.47.130,84.45.90.141,85.133.4.138,89.149.186.77,89.149.186.81,89.149.186.89,193.93.232.6,195.66.226.151,213.200.78.66,213.200.79.194,213.200.80.46,216.180.244.179,217.118.119.26 event "ET RBN Known Russian Business Network Traffic" } #chinese signature sid-2406002 { ip-proto == ip src-ip == local_nets dst ip == 91.196.232.0/22,91.194.140.0/23,91.198.71.0/24,91.193.40.0/22,91.193.56.0/22,193.33.128.0/23,194.110.69.0/24,91.195.116.0/23 event "ET RBN Known Russian Business Network Traffic - Chinese Nets" } #Panamanian/Central America signature sid-2406003 { ip-proto == ip src-ip == local_nets dst ip == 200.115.160.0/20 event "ET RBN Known Russian Business Network Traffic - Central American Nets" } # Updated 2009-07-02 16:36:24 signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 114.80.67.30,114.80.67.32,115.126.2.116,115.126.2.117,115.126.2.118,115.126.2.121,115.126.2.140,115.126.2.141,115.126.2.233,115.126.2.8 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 115.126.5.10,115.126.5.122,115.126.5.50,115.126.5.51,115.126.5.76,115.126.5.92,115.28.82.201,116.0.103.115,116.125.56.218,116.199.135.139 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 116.199.135.238,116.199.136.57,116.50.12.0/22,116.50.8.0/24,116.50.9.0/24,118.126.4.86,118.216.29.81,118.219.232.177,118.219.234.171,118.220.196.44 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 118.45.190.166,119.110.107.124,119.110.107.132,119.110.107.136,119.110.107.137,119.235.22.26,119.47.81.140,119.84.4.56,121.10.105.92,121.11.86.41 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 121.125.75.91,121.14.59.51,121.199.18.43,122.117.35.153,122.224.5.189,122.224.9.221,123.123.123.123,124.155.149.57,124.217.239.146,124.217.247.248 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 124.217.247.249,124.43.65.207,125.163.251.219,125.211.195.11,125.46.1.229,125.46.57.230,125.65.46.113,128.242.120.13,129.44.190.77,132.247.8.18 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 133.11.95.99,146.82.201.203,147.202.37.246,157.166.255.25,159.226.7.162,165.254.12.200,168.144.247.215,173.20.112.35,173.45.68.170,174.120.10.253 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 174.120.18.158,174.120.30.244,174.129.241.185,174.129.244.106,174.132.165.154,174.132.180.98,174.132.192.9,174.132.250.194,174.132.88.66,174.133.156.2 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 174.133.202.176,174.133.202.176/28,174.133.202.191,174.133.5.26,174.133.66.26,174.133.71.200/29,174.133.71.48/28,174.133.72.250,174.133.73.178,174.137.132.21 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 174.137.132.37,174.137.132.45,174.137.189.38,174.137.189.39,174.139.17.140,174.139.26.172,174.142.109.139,174.142.113.20,174.142.113.203,174.142.113.206 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 174.142.9.25,174.143.254.174,174.36.1.27,174.36.167.20,174.36.214.32,174.36.217.112,174.36.221.128,174.36.234.248,174.36.243.5,174.36.251.247 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 174.36.46.112,174.37.217.96,189.14.100.23,189.19.60.29,189.19.76.194,189.38.91.30,190.15.64.203,190.15.72.0/21,190.183.63.0/24,190.20.51.206 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 190.210.10.169,190.210.10.20,190.210.10.242,190.210.10.30,190.210.10.31,190.210.10.32,190.228.29.17,190.228.29.81,190.5.236.98,192.115.70.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 193.111.244.118,193.111.244.157,193.111.244.21,193.124.133.160,193.124.133.63,193.138.172.23,193.138.172.5,193.138.172.6,193.138.172.8,193.138.173.160 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 193.138.173.251,193.138.228.110,193.138.228.120,193.138.232.0/22,193.142.244.0/24,193.178.145.167,193.178.147.58,193.19.138.0/24,193.200.173.2,193.200.173.3 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 193.200.255.18,193.200.255.19,193.200.29.161,193.200.29.177,193.22.244.48,193.227.240.130,193.227.240.37,193.227.240.38,193.227.241.60,193.232.130.14 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 193.232.159.1,193.27.246.179,193.27.246.195,193.27.246.237,193.27.246.246,193.27.246.250,193.27.246.35,193.27.246.52,193.27.247.240,193.33.128.0/23 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 193.33.144.226,193.33.61.161,193.33.61.224,193.33.61.225,193.41.174.99,193.86.238.12,193.86.238.13,193.86.238.19,194.1.152.1,194.109.11.65 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 194.110.161.0/24,194.110.69.0/24,194.116.202.129,194.126.174.124,194.135.103.86,194.135.105.203,194.135.19.39,194.135.22.0/24,194.135.25.106,194.145.235.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 194.146.204.0/22,194.154.75.191,194.165.4.0/23,194.187.103.116,194.187.96.134,194.187.96.151,194.187.98.143,194.187.98.82,194.187.98.83,194.187.99.20 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 194.187.99.23,194.190.139.249,194.226.127.22,194.226.64.0/20,194.226.96.8,194.246.115.221,194.33.180.41,194.42.154.26,194.50.255.226,194.50.255.252 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 194.50.255.253,194.54.88.46,194.54.89.12,194.54.90.246,194.58.155.37,194.58.155.38,194.58.78.41,194.8.74.227,194.85.105.17,194.85.61.20 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 194.85.61.78,194.85.92.136,194.90.224.86,195.110.124.133,195.114.16.0/23,195.114.18.146,195.12.48.212,195.12.48.80,195.131.4.189,195.161.0.0/16 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.161.119.201,195.161.119.240,195.189.226.149,195.189.227.194,195.190.13.10,195.190.13.106,195.190.13.107,195.190.13.11,195.190.13.139,195.190.13.162 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.190.13.163,195.190.13.234,195.190.13.3,195.2.240.147,195.2.240.34,195.2.240.58,195.2.252.0/23,195.2.253.233,195.2.253.237,195.216.175.114 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.216.175.115,195.216.175.117,195.222.29.118,195.225.177.0/24,195.225.178.239,195.230.90.19,195.234.159.137,195.24.65.50,195.24.78.182,195.24.78.186 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.24.78.195,195.24.78.242,195.24.78.243,195.242.161.24,195.242.161.45,195.242.99.215,195.244.9.20,195.245.119.131,195.245.119.150,195.245.194.3 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.248.234.27,195.248.77.45,195.3.144.0/22,195.3.206.34,195.39.196.43,195.42.102.27,195.42.103.40,195.42.103.41,195.42.103.80,195.42.103.84 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.42.103.91,195.5.116.0/24,195.5.117.0/24,195.62.37.16,195.62.37.17,195.64.140.0/23,195.64.162.0/23,195.64.190.1,195.66.132.0/24,195.88.209.235 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.88.209.243,195.88.209.244,195.88.33.54,195.88.33.55,195.88.80.127,195.88.80.177,195.88.80.178,195.88.80.206,195.88.80.207,195.88.80.208 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.88.80.40,195.88.80.41,195.88.81.11,195.88.81.115,195.88.81.116,195.88.81.117,195.88.81.12,195.88.81.36,195.88.81.37,195.88.81.65 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.88.81.73,195.88.81.74,195.88.81.92,195.88.81.93,195.93.218.130,195.93.218.195,195.93.218.196,195.93.218.197,195.93.218.25,195.93.218.42 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 195.93.218.43,195.93.219.201,195.95.151.138,195.95.151.174,195.95.155.13,195.95.155.4,195.95.218.0/23,196.2.198.240,198.63.210.226,198.63.210.233 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 198.63.211.208,198.63.211.8,198.66.255.130,199.199.211.35,199.237.229.158,200.108.36.132,200.115.160.0/20,200.122.168.229,200.155.17.172,200.168.143.247 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 200.171.128.39,200.171.170.10,200.205.145.90,200.219.224.48,200.234.196.118,200.234.196.19,200.234.196.90,200.234.200.139,200.241.52.18,200.35.146.150 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 200.35.151.36,200.46.83.204,200.46.83.245,200.63.42.136,200.63.42.141,200.63.42.81,200.63.44.177,200.63.45.0/24,200.63.48.105,200.63.48.140 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 200.87.164.22,201.134.249.164,201.16.248.189,201.212.0.243,201.218.250.124,201.235.145.105,201.248.238.0/24,201.76.59.58,202.123.79.22,202.172.28.113 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 202.172.28.38,202.174.106.50,202.174.106.51,202.174.106.52,202.187.140.0/24,202.187.141.0/24,202.190.175.228,202.191.61.27,202.28.117.82,202.41.215.171 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 202.54.119.132,202.65.111.10,202.67.230.203,202.71.102.0/24,202.71.111.234,202.73.56.169,202.73.57.11,202.73.57.20,202.73.57.22,202.73.57.25 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 202.73.57.6,202.75.35.101,202.75.35.222,202.75.36.22,202.75.63.116,202.80.178.128,202.82.11.4,202.91.245.221,202.95.104.0/24,203.116.63.113 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.117.0.0/16,203.119.6.11,203.121.110.150,203.121.110.151,203.121.110.152,203.121.110.153,203.121.110.154,203.121.110.155,203.121.110.156,203.121.110.157 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.121.110.158,203.121.110.159,203.121.110.160,203.121.110.161,203.121.110.162,203.121.110.163,203.121.110.164,203.121.110.165,203.121.110.166,203.121.110.167 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.121.110.168,203.121.110.169,203.121.110.170,203.121.110.171,203.121.110.172,203.121.110.173,203.121.110.174,203.121.110.175,203.121.110.176,203.121.110.177 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.121.110.178,203.121.110.179,203.121.110.196,203.121.110.217,203.121.110.221,203.121.110.229,203.121.110.247,203.121.110.36,203.121.110.37,203.121.110.38 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.121.110.39,203.121.110.40,203.121.110.41,203.121.110.42,203.121.110.43,203.121.110.44,203.121.110.45,203.121.111.200,203.121.67.170,203.121.67.171 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.121.67.230,203.121.67.231,203.121.67.232,203.121.67.233,203.121.67.234,203.121.67.235,203.121.67.236,203.121.67.237,203.121.67.238,203.121.67.239 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.121.67.32,203.121.67.33,203.121.67.34,203.121.67.35,203.121.67.36,203.121.67.37,203.121.67.38,203.121.67.39,203.121.67.40,203.121.67.41 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.121.67.54,203.121.68.18,203.121.69.134,203.121.69.135,203.121.69.136,203.121.69.137,203.121.69.138,203.121.69.143,203.121.69.144,203.121.69.145 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.121.69.146,203.121.71.180,203.121.73.209,203.121.73.24,203.121.78.148,203.121.79.184,203.121.79.212,203.121.79.71,203.121.79.72,203.121.80.163 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 203.142.19.81,203.146.129.185,203.157.64.24,203.169.128.0/19,203.169.164.18,203.174.83.75,203.211.145.203,203.22.204.226,203.22.204.97,203.93.212.239 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 204.13.160.15,204.13.160.38,204.13.161.103,204.13.161.136,204.13.161.177,204.14.110.38,204.16.244.155,204.16.244.222,204.16.247.230,204.16.252.112 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 204.2.183.50,204.225.123.154,204.251.15.190,204.27.56.74,204.27.57.227,204.8.223.140,204.8.223.249,205.134.162.147,205.134.170.131,205.134.191.187 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 205.134.225.120,205.177.124.46,205.178.145.65,205.178.150.185,205.196.212.97,205.209.137.109,205.209.137.110,205.209.143.94,205.219.188.169,205.234.140.186 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 205.234.184.106,205.234.186.234,205.234.197.209,205.234.197.40,205.234.206.30,205.252.166.58,205.252.166.60,205.252.166.61,205.252.167.72,205.252.24.226 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 206.123.100.12,206.125.44.28,206.125.44.30,206.161.120.0/24,206.161.121.10,206.161.121.58,206.161.121.82,206.161.126.0/24,206.161.193.131,206.161.200.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 206.161.201.180,206.161.201.181,206.161.202.196,206.161.202.198,206.161.202.199,206.161.202.206,206.161.205.52,206.161.206.186,206.161.206.187,206.221.184.140 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 206.222.31.218,206.222.31.219,206.225.86.123,206.251.244.227,206.251.244.252,206.51.225.217,206.51.226.211,206.51.226.78,206.51.234.0/24,206.51.235.12 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 206.51.235.172,206.51.235.4,206.51.236.150,206.51.236.151,206.51.236.152,206.51.236.153,206.51.236.154,206.51.236.155,206.51.236.156,206.51.236.157 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 206.51.236.158,206.51.236.159,206.51.237.93,206.51.238.166,206.51.238.167,206.51.238.200,206.51.238.27,206.51.238.40,206.51.238.41,206.51.238.42 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 206.51.238.43,206.51.238.44,206.51.238.45,206.51.238.46,206.51.238.47,206.51.238.48,206.51.238.49,206.51.238.5,206.53.48.156,206.53.51.155 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 206.53.61.71,206.53.61.75,206.53.61.76,207.150.191.115,207.150.191.116,207.176.7.0/24,207.182.136.106,207.182.136.107,207.182.136.108,207.182.141.42 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 207.189.104.89,207.189.119.29,207.189.119.30,207.210.104.106,207.210.112.209,207.210.85.61,207.210.88.52,207.226.164.54,207.226.167.94,207.226.168.239 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 207.226.173.0/24,207.226.175.0/24,207.226.178.149,207.226.178.162,207.226.178.163,207.226.179.0/24,207.226.182.0/24,207.226.88.123,207.226.88.124,207.36.232.55 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 207.44.164.50,207.58.145.101,207.58.145.102,207.58.145.103,207.58.145.104,208.100.34.148,208.100.61.101,208.100.61.2,208.101.11.160,208.101.11.161 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.101.11.162,208.101.11.163,208.101.11.164,208.101.11.165,208.101.11.166,208.101.11.167,208.101.21.18,208.101.41.224,208.101.41.225,208.101.41.226 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.101.41.227,208.101.41.228,208.101.41.229,208.101.41.230,208.101.41.231,208.101.43.67,208.101.56.100,208.109.181.42,208.109.189.112,208.109.203.164 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.110.70.81,208.110.80.170,208.113.141.194,208.113.153.62,208.113.161.124,208.113.162.113,208.113.168.60,208.122.40.22,208.122.40.253,208.43.120.88 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.43.121.156,208.43.124.186,208.43.125.104,208.43.125.107,208.43.125.236,208.43.130.19,208.43.155.64,208.43.202.159,208.43.231.66,208.43.232.224 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.43.242.238,208.43.250.121,208.43.27.11,208.43.41.0/24,208.43.73.230,208.43.79.11,208.43.92.68,208.53.147.189,208.66.192.0/22,208.72.160.0/20 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.72.168.0/21,208.72.173.0/24,208.73.210.121,208.73.210.32,208.73.210.50,208.75.183.18,208.75.183.19,208.75.230.43,208.77.101.104,208.77.45.146 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.79.82.0/24,208.80.184.202,208.80.184.203,208.85.181.67,208.85.181.68,208.85.181.69,208.85.181.70,208.87.148.0/23,208.87.242.120,208.87.242.130 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.87.243.4,208.87.33.150,208.88.224.0/24,208.88.226.199,208.88.226.71,208.88.227.214,208.88.227.216,208.88.227.234,208.88.227.36,208.88.227.38 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 208.88.227.39,208.88.227.40,208.88.51.100,208.88.51.105,208.88.53.0/24,208.98.11.187,208.98.22.0/24,208.98.6.67,209.123.181.122,209.123.181.22 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.123.181.85,209.123.8.188,209.160.20.116,209.160.20.117,209.160.21.125,209.160.21.218,209.160.21.51,209.160.24.29,209.160.38.125,209.160.65.158 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.160.65.62,209.160.66.201,209.160.67.56,209.160.67.74,209.160.68.98,209.160.71.110,209.160.72.174,209.160.73.141,209.160.73.4,209.162.188.225 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.162.189.26,209.172.37.190,209.172.41.53,209.172.44.132,209.172.44.212,209.190.16.82,209.190.24.10,209.190.24.3,209.190.24.6,209.190.85.36 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.197.3.119,209.20.88.75,209.200.124.200,209.200.162.193,209.200.60.137,209.200.63.169,209.200.63.179,209.200.63.184,209.200.91.44,209.202.252.41 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.202.252.50,209.216.193.100,209.216.193.98,209.249.222.37,209.249.222.48,209.250.227.0/24,209.250.230.0/24,209.250.232.0/24,209.250.235.0/24,209.250.236.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.250.237.0/24,209.250.239.17,209.250.241.134,209.250.241.141,209.250.241.164,209.250.241.240,209.250.241.244,209.44.100.58,209.44.111.57,209.44.111.58 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.44.111.59,209.44.111.60,209.44.115.202,209.44.126.0/24,209.44.126.102,209.44.126.104,209.44.126.22,209.44.126.241,209.44.126.36,209.51.155.138 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.51.195.116,209.51.196.240/28,209.51.196.248,209.51.196.250,209.51.196.251,209.51.196.252,209.51.196.253,209.51.196.254,209.59.177.9,209.59.181.47 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.59.181.48,209.59.194.20,209.59.194.246,209.59.194.250,209.62.105.151,209.62.20.153,209.62.20.163,209.62.20.192,209.62.20.245,209.62.21.201 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.62.27.84,209.62.57.146,209.62.7.138,209.62.7.250,209.62.7.253,209.62.72.165,209.62.72.169,209.62.72.173,209.62.72.250,209.62.76.10 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.62.85.110,209.63.57.10,209.66.114.22,209.66.120.0/24,209.66.123.187,209.66.123.64,209.66.123.65,209.66.123.72,209.66.123.88,209.66.123.93 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.66.124.52,209.67.211.122,209.67.211.2,209.67.211.3,209.67.214.194,209.67.214.61,209.67.214.62,209.67.215.178,209.8.151.186,209.8.151.188 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.8.151.190,209.8.19.133,209.8.19.213,209.8.20.190,209.8.20.227,209.8.23.70,209.8.23.87,209.8.237.142,209.8.24.0/24,209.8.25.114 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.8.25.204,209.8.25.254,209.8.25.66,209.8.45.124,209.8.45.147,209.8.45.148,209.8.45.150,209.8.45.153,209.8.47.0/24,209.81.12.132 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 209.81.12.133,209.85.25.210,209.85.51.0/24,209.85.73.222,209.85.84.0/24,209.85.87.42,209.85.97.155,209.85.99.34,209.9.170.194,209.9.170.202 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 210.1.248.252,210.114.175.174,210.145.102.19,210.253.127.9,210.48.149.206,210.48.153.232,210.48.154.132,210.48.154.136,210.51.180.239,210.51.25.120 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 210.51.25.206,210.51.37.113,210.51.51.144,210.51.51.176,210.51.58.103,210.51.58.90,210.83.80.222,210.83.85.100,210.83.85.101,211.139.106.172 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 211.147.227.243,211.152.33.4,211.155.27.250,211.167.67.90,211.172.232.237,211.234.100.137,211.238.13.158,211.244.22.196,211.36.253.32,211.49.99.92 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 211.91.237.3,211.95.72.87,211.95.72.88,211.95.72.93,211.95.73.189,211.95.78.104,211.95.78.108,211.95.78.118,211.95.78.119,211.95.78.66 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 211.95.78.71,211.95.78.73,211.95.78.79,211.95.78.88,211.95.78.99,211.95.79.229,211.95.79.241,211.95.79.242,211.95.79.57,211.95.79.58 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 211.95.79.6,212.100.224.219,212.117.160.22,212.117.162.192,212.117.162.194,212.117.162.90,212.117.163.162,212.117.163.164,212.117.163.165,212.117.164.120 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 212.117.164.121,212.117.165.126,212.117.165.127,212.117.165.128,212.117.165.197,212.117.165.237,212.117.175.218,212.117.185.14,212.117.185.18,212.117.185.19 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 212.117.185.34,212.117.185.40,212.117.185.53,212.118.48.210,212.123.6.224,212.150.130.183,212.150.164.82,212.150.164.84,212.158.162.5,212.158.167.16 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 212.174.81.120,212.174.81.122,212.174.81.123,212.174.81.124,212.174.81.19,212.179.35.117,212.193.37.141,212.227.111.21,212.227.111.29,212.227.32.119 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 212.227.34.3,212.24.53.0/24,212.24.54.3,212.27.63.165,212.36.9.1,212.47.211.166,212.62.98.114,212.63.206.51,212.77.128.0/20,212.84.166.131 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 212.91.185.27,212.93.222.10,212.95.32.166,212.95.32.171,212.95.32.26,212.95.33.25,212.95.37.133,212.95.37.184,212.95.37.186,212.95.37.211 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 212.95.40.205,212.95.40.44,212.95.48.51,212.95.49.252,212.95.51.75,212.95.51.76,212.95.53.103,212.95.53.142,212.95.54.105,212.95.54.106 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 212.95.54.113,212.95.55.135,212.97.132.137,212.97.132.140,212.98.162.59,213.131.252.251,213.133.100.58,213.133.101.7,213.133.110.21,213.136.106.214 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 213.155.0.200,213.155.1.46,213.155.10.178,213.155.10.56,213.155.10.58,213.155.10.63,213.155.13.108,213.155.2.104,213.155.2.105,213.155.2.37 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 213.155.29.101,213.155.3.117,213.155.3.152,213.155.3.154,213.155.4.32,213.155.4.72,213.155.4.80,213.155.6.32,213.155.7.144,213.155.7.248 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 213.163.64.79,213.163.64.81,213.163.65.10,213.163.65.9,213.163.91.244,213.163.91.246,213.163.91.91,213.165.80.179,213.171.219.234,213.171.222.30 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 213.174.134.1,213.174.134.38,213.174.136.0/22,213.174.141.108,213.174.141.39,213.174.142.0/24,213.174.143.196,213.174.152.166,213.174.152.2,213.174.153.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 213.175.196.80,213.180.199.19,213.180.199.3,213.180.199.48,213.180.204.8,213.180.9.66,213.182.197.0/24,213.186.116.147,213.186.116.213,213.186.33.19 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 213.186.33.80,213.186.33.87,213.189.213.54,213.189.9.176,213.189.9.75,213.193.4.11,213.202.225.36,213.232.249.139,213.235.249.198,213.239.210.54 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 213.242.207.249,213.246.56.31,213.251.170.24,213.27.4.46,213.81.152.54,216.104.40.74,216.108.239.128,216.108.239.62,216.118.117.15,216.118.117.156 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.118.117.160,216.118.117.64,216.12.161.18,216.12.168.138,216.122.59.222,216.130.188.207,216.14.124.11,216.14.80.49,216.146.46.20,216.146.46.8 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.15.150.177,216.150.79.186,216.150.79.74,216.152.240.12,216.169.106.222,216.180.227.76,216.187.118.219,216.188.26.0/24,216.19.200.237,216.195.32.90 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.32.93,216.195.32.94,216.195.33.107,216.195.33.139,216.195.33.141,216.195.33.144,216.195.33.147,216.195.34.0/24,216.195.35.99,216.195.36.123 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.36.182,216.195.37.251,216.195.40.117,216.195.40.120,216.195.40.145,216.195.40.51,216.195.40.64,216.195.42.0/24,216.195.43.0/24,216.195.44.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.46.252,216.195.48.10,216.195.48.113,216.195.48.45,216.195.48.52,216.195.49.0/24,216.195.50.0/24,216.195.52.16,216.195.52.52,216.195.54.233 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.55.137,216.195.55.139,216.195.55.140,216.195.55.78,216.195.55.80,216.195.56.149,216.195.56.150,216.195.56.234,216.195.56.30,216.195.56.86 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.56.87,216.195.56.88,216.195.57.40,216.195.57.41,216.195.57.43,216.195.57.46,216.195.57.47,216.195.57.49,216.195.57.52,216.195.58.106 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.58.107,216.195.58.11,216.195.58.114,216.195.58.127,216.195.58.169,216.195.58.170,216.195.58.171,216.195.58.172,216.195.58.20,216.195.58.209 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.58.210,216.195.58.211,216.195.58.212,216.195.58.38,216.195.59.112,216.195.59.117,216.195.59.120,216.195.59.144,216.195.59.157,216.195.59.75 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.59.77,216.195.59.78,216.195.59.79,216.195.59.80,216.195.59.81,216.195.59.82,216.195.59.83,216.195.59.85,216.195.60.227,216.195.61.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.195.62.0/24,216.195.63.0/24,216.200.3.163,216.218.162.0/24,216.226.131.77,216.227.214.53,216.230.250.84,216.240.131.132,216.240.134.208,216.240.134.211 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.240.134.238,216.240.138.220,216.240.138.221,216.240.139.239,216.240.140.201,216.240.143.10,216.240.143.12,216.240.143.16,216.240.143.17,216.240.143.6 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.240.143.7,216.240.143.8,216.240.143.9,216.240.146.119,216.240.148.5,216.240.148.6,216.240.148.9,216.240.157.180,216.240.157.88,216.240.157.91 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.240.158.190,216.245.208.165,216.246.91.49,216.255.176.0/20,216.32.75.2,216.32.76.180,216.32.76.6,216.32.76.87,216.32.78.18,216.32.83.104 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.32.83.110,216.32.83.111,216.32.86.106,216.32.88.10,216.32.88.11,216.32.95.94,216.34.131.131,216.34.131.135,216.34.94.184,216.40.204.99 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.40.230.4,216.40.33.252,216.40.33.30,216.40.33.31,216.40.33.35,216.55.142.4,216.55.163.216,216.64.158.131,216.7.89.0/24,216.75.62.101 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 216.8.179.24,216.81.64.192,216.83.44.0/22,216.83.60.0/22,216.86.155.41,216.97.230.35,216.97.237.20,217.106.233.10,217.106.233.9,217.106.234.193 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 217.107.217.167,217.107.217.27,217.107.217.29,217.107.218.70,217.107.219.112,217.107.219.153,217.107.219.39,217.107.34.119,217.107.34.217,217.107.34.6 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 217.107.34.7,217.11.54.126,217.112.35.59,217.112.37.30,217.112.37.31,217.112.94.230,217.112.94.231,217.146.87.0/24,217.147.30.100,217.159.201.18 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 217.16.16.0/20,217.170.64.0/20,217.171.66.245,217.188.246.105,217.199.217.3,217.199.217.9,217.199.218.50,217.20.112.96,217.20.112.98,217.20.113.236 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 217.20.115.72,217.20.115.89,217.20.121.38,217.20.126.120,217.20.210.6,217.20.211.0/24,217.218.225.2,217.26.144.122,217.26.168.135,217.28.146.253 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 217.67.22.83,217.74.66.183,217.75.203.10,217.75.98.213,217.77.152.28,218.10.18.76,218.106.90.227,218.107.207.150,218.107.207.40,218.108.84.72 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 218.16.224.73,218.16.225.50,218.213.77.96,218.232.109.134,218.239.45.132,218.244.147.129,218.5.74.92,218.5.76.219,218.5.77.19,218.5.79.63 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 218.5.81.148,218.56.37.6,218.6.12.82,218.6.2.195,218.61.204.206,218.61.204.214,218.61.204.215,218.83.161.104,218.85.132.203,218.85.139.33 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 218.93.202.102,218.93.202.114,218.93.202.50,218.93.205.136,218.93.205.19,218.93.205.242,218.93.205.243,218.93.205.41,219.148.34.10,219.148.34.7 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 219.148.34.9,219.152.120.118,219.153.48.163,219.240.39.230,220.194.44.67,220.196.42.218,220.196.42.220,220.196.59.0/24,220.196.59.23,220.248.167.110 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 220.248.184.7,220.248.186.106,221.10.252.244,221.12.89.139,221.122.64.42,221.192.8.90,221.5.74.0/24,221.5.74.37,221.6.181.152,222.122.56.164 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 222.124.24.7,222.186.12.137,222.186.13.219,222.186.9.187,222.188.0.25,222.189.228.27,222.189.239.3,222.214.218.61,222.222.222.222,222.231.1.201 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 222.236.44.69,222.73.219.143,222.73.219.58,222.73.37.203,222.73.37.250,222.73.37.253,222.76.217.174,222.76.217.235,222.77.178.165,23.23.23.23 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 24.244.141.80,24.244.171.69,24.77.22.109,38.100.93.0/24,38.103.173.98,38.105.19.27,38.105.19.28,38.105.19.29,38.113.1.102,38.114.196.10 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 38.117.90.45,38.97.225.166,38.99.170.210,38.99.170.9,4.16.224.183,41.215.241.10,58.17.3.35,58.180.222.100,58.215.79.176,58.225.75.168 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 58.241.255.34,58.241.255.37,58.64.130.11,58.65.232.0/21,58.83.8.19,59.125.229.68,59.125.229.74,59.125.231.252,59.148.221.79,59.148.221.89 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 59.34.197.133,59.34.216.143,60.173.11.155,60.173.12.44,60.190.203.89,60.191.187.14,60.191.252.68,60.191.254.251,60.220.248.57,60.253.96.9 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 60.29.232.31,60.29.232.32,61.134.43.215,61.139.126.15,61.139.126.91,61.141.5.53,61.150.91.14,61.150.91.30,61.152.95.193,61.160.232.114 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 61.160.247.37,61.188.87.230,61.191.52.61,61.191.63.153,61.221.40.63,61.235.117.71,61.235.117.74,61.235.117.85,61.235.117.88,61.235.117.88/25 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 61.33.191.132,61.59.24.45,61.59.24.55,61.61.61.61,61.67.193.1,61.7.235.227,62.109.16.208,62.109.2.32,62.109.4.197,62.118.252.230 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 62.118.254.157,62.140.23.135,62.149.12.191,62.149.140.93,62.149.16.49,62.149.18.11,62.149.18.21,62.149.18.34,62.149.23.191,62.149.27.117 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 62.149.28.166,62.149.28.27,62.16.115.84,62.168.168.9,62.175.249.135,62.176.16.0/22,62.176.16.0/23,62.178.239.217,62.193.203.13,62.211.68.58 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 62.212.66.20,62.212.66.75,62.212.67.146,62.212.67.170,62.213.74.8,62.250.4.168,62.4.83.129,62.75.202.206,62.80.102.253,62.80.127.193 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 63.119.44.197,63.146.2.22,63.146.2.92,63.146.2.93,63.214.247.170,63.217.28.226,63.217.29.114,63.217.30.58,63.217.31.45,63.217.31.46 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 63.217.31.47,63.217.31.48,63.218.226.67,63.219.176.162,63.219.178.186,63.219.178.190,63.219.178.218,63.219.178.227,63.219.178.82,63.219.178.85 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 63.219.178.89,63.219.178.90,63.220.7.82,63.223.110.177,63.227.18.137,63.243.173.162,63.251.171.0/24,63.251.83.74,63.251.92.0/24,64.111.196.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.111.197.0/24,64.111.199.221,64.111.207.5,64.111.214.2,64.120.173.118,64.124.210.59,64.124.210.60,64.124.222.0/24,64.14.244.60,64.15.155.240 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.15.205.211,64.15.205.212,64.15.72.80,64.150.176.14,64.150.177.215,64.150.177.217,64.150.177.247,64.18.144.0/24,64.191.102.134,64.191.102.135 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.191.102.136,64.191.102.137,64.191.102.229,64.191.12.37,64.191.12.38,64.191.12.53,64.191.123.37,64.191.16.128/27,64.191.16.149,64.191.25.166 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.191.3.53,64.191.30.160,64.191.38.197,64.191.38.198,64.191.38.199,64.191.47.213,64.191.64.246,64.191.78.0/24,64.191.90.213,64.191.90.214 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.191.91.230,64.191.92.197,64.20.33.156,64.20.36.218,64.20.38.171,64.20.38.172,64.20.38.242,64.20.38.90,64.20.38.91,64.20.56.138 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.202.107.23,64.208.226.72,64.208.226.93,64.21.100.203,64.21.100.205,64.21.129.136,64.21.144.140,64.21.182.152,64.21.182.153,64.21.182.154 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.21.182.155,64.21.182.156,64.21.182.157,64.21.182.158,64.21.182.159,64.21.182.160,64.21.21.128/27,64.21.21.143,64.21.21.148,64.21.37.41 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.21.37.43,64.21.37.47,64.21.37.88,64.21.37.89,64.21.37.90,64.21.37.91,64.21.37.92,64.21.37.93,64.21.37.94,64.21.37.98 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.21.43.179,64.21.43.183,64.21.86.16,64.213.140.68,64.213.140.69,64.213.140.70,64.213.140.71,64.22.106.107,64.235.47.65,64.235.52.240 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.235.57.21,64.247.16.208,64.247.16.215,64.247.49.31,64.247.58.168,64.251.10.77,64.251.28.222,64.255.172.50,64.26.155.161,64.27.13.94 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.27.16.138,64.27.18.53,64.27.18.54,64.27.24.153,64.27.28.224,64.27.28.225,64.27.29.101,64.27.5.163,64.27.5.202,64.27.52.122 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.28.176.0/20,64.28.187.0/24,64.32.13.153,64.32.21.3,64.32.5.0/24,64.34.46.254,64.34.46.60,64.40.103.249,64.40.117.19,64.40.117.34 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.40.118.10,64.40.118.124,64.40.118.8,64.46.38.133,64.62.181.43,64.62.181.46,64.69.32.189,64.69.32.202,64.69.32.203,64.69.32.204 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.69.32.206,64.69.32.219,64.69.32.220,64.69.41.18,64.69.46.61,64.69.68.0/24,64.70.19.33,64.85.168.251,64.86.133.220,64.86.133.221 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.86.133.222,64.86.133.224,64.86.133.225,64.86.133.37,64.86.133.51,64.86.133.58,64.86.133.85,64.86.133.91,64.86.16.0/24,64.86.17.13 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.86.17.17,64.86.17.2,64.86.17.20,64.86.17.30,64.86.17.43,64.86.17.44,64.86.17.47,64.86.17.5,64.86.17.54,64.86.17.55 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.86.17.9,64.91.254.69,64.92.166.251,64.92.166.252,64.92.166.254,64.92.170.128,64.92.170.134,64.92.170.135,64.92.170.144,64.92.170.145 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.92.170.146,64.92.170.147,64.92.170.148,64.92.170.149,64.92.170.150,64.92.170.151,64.92.173.179,64.92.174.218,64.92.174.70,64.94.117.193 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 64.94.31.67,65.110.50.141,65.110.60.122,65.110.60.123,65.110.60.70,65.111.162.94,65.182.100.196,65.23.153.152,65.23.153.197,65.23.153.78 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 65.243.103.0/24,65.247.182.200,65.254.51.163,65.254.54.178,65.254.54.179,65.60.44.194,65.60.54.58,65.60.6.116,65.75.169.178,65.75.169.179 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 65.98.15.47,65.98.19.103,65.99.230.107,66.11.154.210,66.112.221.139,66.113.163.254,66.114.72.115,66.114.72.117,66.115.136.52,66.115.146.145 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.116.188.175,66.117.40.216,66.118.146.67,66.118.146.69,66.128.62.124,66.129.68.65,66.135.41.29,66.147.240.152,66.147.240.157,66.148.71.9 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.148.80.4,66.150.120.131,66.150.161.136,66.150.161.137,66.150.161.140,66.150.161.141,66.152.166.189,66.152.78.69,66.152.78.70,66.152.78.75 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.154.75.63,66.172.83.223,66.172.83.224,66.197.149.38,66.197.154.198,66.197.154.199,66.197.154.200,66.197.154.201,66.197.165.41,66.197.165.55 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.197.170.5,66.197.171.37,66.197.171.6,66.197.187.5,66.197.213.117,66.197.68.184,66.197.94.155,66.199.152.4,66.199.229.229,66.199.229.253 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.199.232.222,66.199.237.127,66.199.242.18,66.199.242.19,66.199.248.195,66.199.251.162,66.206.17.28,66.206.17.29,66.206.17.30,66.206.17.31 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.212.19.146,66.225.215.231,66.225.241.14,66.226.75.118,66.226.87.107,66.230.133.40,66.230.155.157,66.230.161.0/24,66.230.167.0/24,66.230.174.60 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.230.175.0/24,66.230.208.19,66.232.105.0/24,66.232.106.77,66.232.106.86,66.232.106.90,66.232.106.92,66.232.106.93,66.232.108.154,66.232.109.120 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.232.109.121,66.232.109.122,66.232.109.123,66.232.109.124,66.232.109.125,66.232.109.126,66.232.109.127,66.232.109.128,66.232.109.129,66.232.109.130 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.232.109.131,66.232.109.249,66.232.109.250,66.232.111.112,66.232.112.86,66.232.113.44,66.232.113.45,66.232.113.46,66.232.113.48,66.232.113.49 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.232.113.57,66.232.113.62,66.232.113.63,66.232.113.80,66.232.114.134,66.232.114.152,66.232.114.56,66.232.114.57,66.232.116.2,66.232.116.3 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.232.116.6,66.232.117.33,66.232.117.38,66.232.118.147,66.232.124.38,66.232.124.39,66.232.124.40,66.232.124.41,66.232.124.42,66.232.125.202 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.232.125.208,66.232.125.223,66.232.126.189,66.232.126.190,66.232.126.192,66.232.126.193,66.232.126.194,66.232.126.47,66.232.126.48,66.232.126.49 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.232.126.50,66.232.126.51,66.232.126.52,66.232.126.74,66.232.126.75,66.232.126.76,66.232.126.77,66.232.126.78,66.232.126.79,66.232.126.80 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.232.127.127,66.232.127.128,66.232.127.129,66.232.127.130,66.232.127.44,66.232.26.91,66.235.160.93,66.235.180.194,66.235.180.238,66.241.193.42 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.244.254.0/24,66.246.222.32,66.246.222.33,66.246.235.32,66.246.235.42,66.246.237.0/27,66.246.72.50,66.249.28.153,66.249.5.0/24,66.252.0.0/19 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.29.11.144,66.29.115.68,66.29.121.58,66.29.15.140,66.29.15.141,66.29.50.174,66.29.50.176,66.29.50.183,66.29.89.64,66.33.195.58 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.35.111.73,66.36.241.193,66.36.242.224,66.39.5.165,66.40.52.62,66.40.52.63,66.40.52.64,66.40.52.66,66.40.52.70,66.40.52.71 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.40.56.10,66.40.56.36,66.45.226.211,66.45.226.226,66.45.226.227,66.45.226.26,66.45.226.42,66.45.226.43,66.45.226.44,66.45.226.45 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.45.227.90,66.45.227.91,66.45.227.92,66.45.227.93,66.45.227.94,66.45.229.50,66.45.229.51,66.45.229.52,66.45.229.53,66.45.229.54 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.45.229.55,66.45.229.56,66.45.229.57,66.45.229.58,66.45.229.59,66.45.229.60,66.45.229.61,66.45.230.194,66.45.236.162,66.45.237.219 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.48.82.31,66.49.222.162,66.63.167.50,66.7.179.198,66.7.213.144,66.7.215.209,66.7.219.192,66.7.56.125,66.70.156.114,66.71.244.69 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.79.163.21,66.90.101.177,66.90.101.183,66.96.130.40,66.96.131.82,66.96.143.191,66.96.216.215,66.96.252.199,66.96.255.69,66.96.85.112 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 66.96.85.113,66.98.242.165,66.98.242.18,67.130.99.0/24,67.137.217.219,67.15.107.168,67.15.11.100,67.15.184.7,67.15.253.241,67.15.56.128 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.15.62.181,67.15.76.243,67.15.77.182,67.159.45.3,67.18.129.147,67.18.129.149,67.18.179.0/24,67.19.17.210,67.19.24.170,67.19.244.4 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.19.244.5,67.19.244.9,67.19.72.201,67.19.72.202,67.205.75.0/24,67.205.93.165,67.207.71.171,67.207.71.174,67.210.0.0/20,67.210.12.0/23 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.210.124.90,67.210.126.50,67.210.13.93,67.210.13.94,67.210.14.0/23,67.211.161.0,67.212.187.114,67.212.187.58,67.212.187.61,67.212.187.62 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.212.188.154,67.212.80.121,67.212.80.124,67.212.80.125,67.212.81.29,67.215.12.140,67.215.231.242,67.215.241.202,67.215.253.2,67.215.66.132 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.220.197.51,67.220.199.181,67.220.66.0/24,67.220.67.0/24,67.220.72.0/24,67.220.73.0/24,67.220.74.0/24,67.220.75.0/24,67.222.128.29,67.222.150.103 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.225.136.4,67.225.137.254,67.225.151.248,67.225.151.254,67.225.151.4,67.225.158.16,67.225.179.95,67.228.10.28,67.228.10.29,67.228.101.157 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.228.111.217,67.228.112.232,67.228.112.233,67.228.112.234,67.228.112.235,67.228.122.235,67.228.128.55,67.228.137.255,67.228.139.19,67.228.139.205 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.228.139.26,67.228.144.205,67.228.144.211,67.228.144.253,67.228.144.26,67.228.177.181,67.228.188.64,67.228.189.128,67.228.189.192,67.228.194.237 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.228.22.132,67.228.222.240,67.228.222.241,67.228.222.242,67.228.222.243,67.228.222.244,67.228.222.245,67.228.222.246,67.228.222.247,67.228.224.78 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.228.237.248,67.228.237.249,67.228.237.251,67.228.250.128,67.228.38.114,67.228.39.240,67.228.39.241,67.228.39.242,67.228.39.243,67.228.39.244 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.228.39.245,67.228.39.246,67.228.39.247,67.228.47.0,67.228.50.241,67.228.53.183,67.23.11.229,67.43.224.213,67.43.224.216,67.43.226.154 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.43.226.242,67.43.230.125,67.43.230.98,67.43.230.99,67.43.236.0/24,67.43.237.75,67.43.237.77,67.43.237.78,67.43.239.57,67.43.239.58 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 67.55.51.116,67.55.79.181,67.55.81.0/24,68.233.192.223,69.1.78.0/24,69.10.32.154,69.10.32.155,69.10.34.51,69.10.35.251,69.10.44.207 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.10.49.193,69.10.52.11,69.10.52.12,69.10.52.13,69.10.52.14,69.10.59.34,69.147.239.106,69.154.143.170,69.16.229.102,69.162.75.30 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.162.76.42,69.162.76.43,69.163.128.127,69.175.10.74,69.20.104.139,69.20.104.41,69.20.117.228,69.20.68.36,69.20.68.41,69.20.71.82 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.20.71.83,69.22.162.0/23,69.22.168.0/21,69.22.184.0/22,69.237.82.158,69.251.151.205,69.253.217.224,69.26.176.28,69.28.252.35,69.30.192.58 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.31.115.113,69.31.115.235,69.31.115.75,69.31.115.76,69.31.128.0/24,69.31.40.0/21,69.31.52.156,69.31.64.0/20,69.31.80.0/21,69.31.91.46 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.39.224.0/24,69.4.230.204,69.4.230.232,69.4.230.80,69.4.230.81,69.4.230.82,69.4.230.83,69.4.230.84,69.4.230.85,69.4.232.241 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.4.32.137,69.41.183.0/24,69.42.216.0/24,69.42.65.148,69.46.16.99,69.46.228.171,69.46.228.231,69.46.228.36,69.46.228.45,69.46.228.55 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.46.230.60,69.46.25.35,69.50.160.0/19,69.50.198.57,69.50.198.72,69.55.51.5,69.59.17.194,69.59.17.195,69.59.17.196,69.59.17.202 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.59.17.203,69.59.17.5,69.59.17.6,69.59.21.247,69.59.21.248,69.59.26.51,69.59.26.52,69.60.114.44,69.64.145.0/24,69.64.147.11 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.64.147.14,69.64.147.16,69.64.147.17,69.64.147.19,69.64.147.20,69.64.147.200,69.64.147.208,69.64.147.21,69.64.147.213,69.64.147.214 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.64.147.215,69.64.147.22,69.64.147.249,69.64.155.0/24,69.64.159.1,69.64.33.149,69.64.33.24,69.64.33.242,69.64.42.172,69.64.42.226 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.64.50.161,69.64.59.172,69.64.67.194,69.65.5.122,69.65.96.217,69.72.255.8,69.73.129.21,69.73.158.14,69.89.17.18,69.89.27.211 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 69.90.81.133,69.93.106.11,69.93.226.154,69.93.64.230,70.32.93.225,70.38.11.171,70.38.11.184,70.38.19.201,70.38.19.202,70.38.19.203 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 70.38.19.204,70.38.19.205,70.38.19.206,70.38.19.250,70.38.71.118,70.38.71.47,70.38.73.25,70.38.73.26,70.38.73.28,70.38.90.254 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 70.84.1.4,70.84.195.170,70.84.196.30,70.84.2.244,70.85.114.186,70.85.142.250,70.85.227.66,70.85.249.98,70.86.12.226,70.86.161.14 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 70.86.182.194,70.86.196.66,70.86.54.100,70.86.54.101,70.86.54.98,70.86.54.99,70.87.14.10,70.87.14.11,70.87.14.12,70.87.14.13 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 70.87.14.14,70.87.222.138,71.174.51.86,71.6.202.216,71.6.202.217,72.10.160.2,72.10.172.0/24,72.10.173.139,72.14.187.85,72.167.121.94 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.167.131.114,72.167.131.174,72.167.195.124,72.167.195.125,72.18.141.26,72.20.33.49,72.21.41.194,72.21.45.234,72.21.45.235,72.21.45.237 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.21.45.238,72.21.46.98,72.21.46.99,72.21.62.101,72.21.62.74,72.21.62.75,72.232.107.25/29,72.232.107.27,72.232.107.32,72.232.107.33/29 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.232.107.35,72.232.107.36,72.232.116.36,72.232.116.39,72.232.116.51,72.232.116.77,72.232.116.84,72.232.117.65,72.232.117.84,72.232.163.171 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.232.184.11,72.232.184.251,72.232.184.252,72.232.184.253,72.232.184.254,72.232.186.18,72.232.186.19,72.232.186.20,72.232.186.21,72.232.187.197 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.232.187.198,72.232.191.48,72.232.200.210,72.232.200.211,72.232.201.252,72.232.202.162,72.232.202.163,72.232.220.34,72.232.220.35,72.232.229.26 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.232.233.178,72.232.234.130,72.232.234.218,72.232.237.202,72.232.242.250,72.232.242.82,72.232.242.86,72.232.254.170,72.232.8.202,72.232.8.203 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.232.84.186,72.232.97.234,72.232.97.235,72.233.114.126,72.233.114.90,72.233.115.169,72.233.28.210,72.233.34.6,72.233.43.2,72.233.50.129 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.233.50.145,72.233.50.151,72.233.50.154,72.233.60.0/24,72.233.62.19,72.233.63.90,72.233.63.94,72.233.76.10,72.233.79.146,72.233.79.18 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.233.79.19,72.233.89.148,72.233.89.151,72.249.105.234,72.249.108.120,72.26.145.118,72.29.67.139,72.29.70.127,72.32.134.197,72.32.242.169 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.32.242.170,72.32.48.189,72.36.131.100,72.36.133.170,72.36.153.62,72.36.174.82,72.36.219.162,72.41.23.75,72.44.67.30,72.44.67.5 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.44.67.7,72.44.67.8,72.46.130.169,72.46.130.170,72.46.131.40,72.46.131.43,72.46.131.45,72.47.221.40,72.52.140.4,72.52.180.18 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 72.55.165.237,72.55.168.4,72.55.186.13,72.9.108.26,72.9.145.84,72.9.145.85,72.9.98.0/24,74.200.220.211,74.200.220.212,74.200.220.213 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.200.220.214,74.200.220.215,74.200.71.22,74.200.72.198,74.200.80.10,74.200.80.101,74.200.89.54,74.204.170.230,74.205.8.2,74.205.8.5 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.208.128.155,74.213.167.190,74.213.167.191,74.213.179.102,74.213.179.112,74.220.202.45,74.220.207.127,74.220.215.220,74.220.215.54,74.220.215.56 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.222.6.53,74.50.100.117,74.50.104.114,74.50.107.165,74.50.108.226,74.50.109.254,74.50.110.184,74.50.110.20,74.50.110.21,74.50.110.22 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.50.110.226,74.50.110.23,74.50.110.24,74.50.113.0/24,74.50.117.68,74.50.117.70,74.50.117.71,74.50.117.73,74.50.117.74,74.50.117.75 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.50.117.76,74.50.117.77,74.50.117.84,74.50.117.85,74.50.117.86,74.50.117.87,74.50.117.88,74.50.117.89,74.50.117.94,74.50.117.95 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.50.119.187,74.50.119.70,74.50.119.94,74.50.120.150,74.50.120.68,74.50.120.71,74.50.120.75,74.50.120.87,74.50.125.0/24,74.50.21.225 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.50.97.51,74.50.98.132,74.50.98.152,74.50.98.156,74.50.98.158,74.50.98.162,74.50.98.219,74.50.99.236,74.52.118.178,74.52.119.146 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.52.126.2,74.52.144.66,74.52.164.210,74.52.179.179,74.52.212.235,74.52.238.242,74.52.238.243,74.52.32.0/24,74.52.35.87,74.52.59.66 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.52.59.67,74.52.78.234,74.52.94.178,74.53.128.243,74.53.128.246,74.53.169.2,74.53.251.34,74.53.26.178,74.53.60.228,74.53.60.234 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.53.96.138,74.54.132.2,74.54.143.242,74.54.156.234,74.54.176.162,74.54.176.50,74.54.191.130,74.54.219.98,74.54.22.195,74.54.241.100 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.54.29.67,74.54.29.70,74.54.82.0/24,74.54.93.130,74.55.100.8,74.55.113.34,74.55.136.192/28,74.55.136.200,74.55.136.201,74.55.136.202 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.55.136.203,74.55.136.204,74.55.136.205,74.55.136.206,74.55.136.207,74.55.136.64,74.55.136.64/28,74.55.136.66,74.55.136.68,74.55.136.72 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.55.136.73,74.55.136.76,74.55.136.79,74.55.158.58,74.55.212.55,74.55.39.12,74.55.47.88/29,74.55.98.12,74.63.217.81,74.63.35.204 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.63.80.50,74.86.100.164,74.86.100.165,74.86.100.166,74.86.100.167,74.86.115.0/24,74.86.132.177,74.86.147.0/24,74.86.154.0/24,74.86.187.24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 74.86.207.103,74.86.22.177,75.101.129.55,75.102.17.5,75.102.24.14,75.102.9.7,75.119.216.186,75.125.132.0,75.125.132.0/27,75.125.135.192/28 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 75.125.156.78,75.125.162.112/29,75.125.164.240,75.125.164.240/29,75.125.164.243,75.125.164.246,75.125.164.247,75.125.178.144/28,75.125.178.155,75.125.178.156 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 75.125.178.157,75.125.178.158,75.125.200.226,75.125.207.50,75.125.215.35,75.125.215.48/28,75.125.215.50,75.125.215.54,75.125.215.57,75.126.137.166 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 75.126.142.106,75.126.142.108,75.126.149.156,75.126.206.122,75.126.206.125,75.126.22.187,75.126.22.190,75.126.25.209,75.126.25.211,75.126.3.176 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 75.126.3.177,75.126.3.178,75.126.3.181,75.126.3.191,75.126.57.16,75.126.75.50,75.126.75.53,75.126.85.199,75.127.81.214,75.127.91.231 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 75.141.222.60,75.181.10.124,76.162.102.189,76.162.108.1,76.162.143.189,76.162.178.195,76.73.12.138,76.73.32.102,76.73.37.250,76.74.154.110 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 76.74.239.143,76.74.239.45,76.74.249.30,76.74.249.5,76.76.101.84,76.76.101.85,76.76.101.86,76.76.103.162,76.76.103.163,76.76.103.164 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 76.76.103.166,76.76.103.82,76.76.22.221,76.76.3.154,76.9.23.148,77.220.177.0/24,77.220.178.56,77.221.128.0/19,77.222.40.169,77.222.40.2 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 77.222.40.207,77.222.40.3,77.222.40.33,77.232.66.18,77.244.211.0/24,77.244.220.0/24,77.245.146.10,77.245.146.2,77.245.146.3,77.245.146.4 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 77.245.146.5,77.245.146.6,77.245.146.7,77.245.146.8,77.245.61.0/24,77.247.178.40,77.247.178.42,77.37.14.18,77.37.18.36,77.37.18.61 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 77.37.19.173,77.37.19.179,77.37.19.43,77.73.98.0/24,77.74.12.60,77.74.197.117,77.74.48.107,77.91.224.0/21,77.92.145.10,77.92.145.11 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 77.92.145.12,77.92.145.13,77.92.145.18,77.92.145.19,77.92.145.20,77.92.145.21,77.92.145.26,77.92.145.27,77.92.145.28,77.92.88.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 77.93.210.188,78.107.239.134,78.108.177.103,78.108.177.104,78.108.177.2,78.108.177.3,78.108.177.31,78.108.177.32,78.108.177.34,78.108.177.94 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.108.178.208,78.108.178.25,78.108.178.57,78.108.179.100,78.108.179.213,78.108.179.23,78.108.179.71,78.108.179.73,78.108.179.77,78.108.180.18 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.108.180.233,78.108.180.90,78.108.182.164,78.108.183.227,78.108.184.48,78.108.81.100,78.109.16.219,78.109.18.10,78.109.18.205,78.109.18.234 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.109.18.8,78.109.20.154,78.109.20.162,78.109.20.50,78.109.21.186,78.109.22.131,78.109.22.135,78.109.23.1/29,78.109.23.7,78.109.25.216 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.109.25.217,78.109.25.218,78.109.28.144,78.109.28.216,78.109.28.217,78.109.28.41,78.109.28.45,78.109.29.112,78.109.29.114,78.109.29.116 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.109.29.33,78.109.29.40,78.109.30.200,78.110.166.108,78.110.166.203,78.110.166.60,78.110.175.21,78.110.50.113,78.111.80.213,78.129.142.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.129.158.68,78.129.166.0/24,78.129.166.233,78.129.202.0/24,78.129.205.64,78.129.207.168,78.129.223.19,78.137.168.33,78.140.132.11,78.140.133.15 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.140.138.105,78.140.139.105,78.140.141.107,78.140.141.114,78.140.145.144,78.140.23.18,78.143.16.7,78.157.129.71,78.157.141.0/24,78.157.142.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.157.143.0/24,78.159.101.166,78.159.101.239,78.159.101.27,78.159.101.40,78.159.102.97,78.159.102.99,78.159.106.128,78.159.106.128/25,78.159.106.129 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.159.106.130,78.159.106.159,78.159.106.193,78.159.106.197,78.159.106.255,78.159.112.146,78.159.112.200,78.159.112.25,78.159.112.43,78.159.112.98 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.159.114.116,78.159.114.175,78.159.115.122,78.159.115.215,78.159.115.216,78.159.117.102,78.159.118.144,78.159.118.165,78.159.118.207,78.159.118.215 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.159.118.217,78.159.118.218,78.159.118.229,78.159.118.62,78.159.122.197,78.159.124.235,78.159.125.159,78.159.126.199,78.159.96.134,78.159.96.16 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.159.96.42,78.159.97.21,78.159.97.49,78.159.98.112,78.159.98.139,78.159.98.217,78.159.98.93,78.159.99.224,78.159.99.52,78.159.99.54 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.159.99.66,78.24.219.164,78.26.144.206,78.26.179.0/24,78.31.65.216,78.41.207.196,78.46.129.170,78.46.148.49,78.46.151.181,78.46.152.171 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.46.152.8,78.46.183.24,78.46.183.24/29,78.46.183.25,78.46.183.26,78.46.183.30,78.46.183.31,78.46.205.65,78.46.205.69,78.46.205.70 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.46.216.233,78.46.216.237,78.46.216.238,78.46.33.111,78.46.67.80,78.46.86.4,78.46.88.142,78.46.88.202,78.46.90.230,78.47.100.189 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.47.127.10,78.47.132.216,78.47.132.220,78.47.132.221,78.47.159.185,78.47.159.54,78.47.168.82,78.47.172.66,78.47.172.67,78.47.200.154 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 78.47.200.155,78.47.222.220,78.47.240.106,78.47.248.113,78.47.91.153,79.112.76.56,79.113.23.229,79.113.83.13,79.132.198.0/24,79.132.211.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 79.135.160.0/19,79.143.176.0/22,79.170.40.21,79.170.40.38,79.174.64.13,79.174.64.228,79.174.66.47,79.71.239.81,79.98.25.99,79.99.122.34 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 8.12.35.78,80.156.86.78,80.190.54.181,80.233.168.21,80.233.221.247,80.233.221.253,80.237.132.56,80.24.176.145,80.248.208.141,80.250.24.17 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 80.250.24.18,80.70.224.0/20,80.77.80.0/20,80.79.118.184,80.83.210.226,80.86.87.241,80.86.89.131,80.87.199.13,80.87.199.14,80.87.206.99 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 80.90.114.11,80.90.114.34,80.90.118.102,80.90.118.34,80.90.118.35,80.90.118.37,80.91.176.135,80.91.177.106,80.91.191.138,80.91.191.170 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 80.91.191.188,80.91.76.147,80.91.76.148,80.91.76.149,80.91.76.150,80.91.76.151,80.91.76.152,80.91.76.153,80.91.76.154,80.92.162.40 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 80.93.216.229,80.93.48.54,80.93.49.141,80.93.49.192,80.93.50.149,80.93.56.4,80.93.57.179,80.93.57.211,80.93.62.112,80.95.160.73 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 81.169.145.69,81.169.145.72,81.174.66.128,81.176.232.102,81.176.232.103,81.176.236.12,81.176.68.175,81.176.68.18,81.176.68.61,81.177.157.22 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 81.177.22.144,81.177.26.41,81.177.3.242,81.177.8.0/24,81.22.60.153,81.222.2.22,81.222.8.2,81.222.9.2,81.222.9.6,81.31.152.218 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 81.31.42.131,81.9.5.197,81.94.16.0/20,81.95.128.0/19,81.95.144.0/20,81.95.156.0/22,82.103.130.171,82.103.131.211,82.103.132.114,82.103.137.14 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 82.103.138.10,82.103.138.37,82.109.45.51,82.110.105.3,82.120.80.136,82.144.242.175,82.146.32.213,82.146.33.103,82.146.33.243,82.146.35.143 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 82.146.35.18,82.146.40.34,82.146.42.15,82.146.42.8,82.146.43.173,82.146.43.2,82.146.43.3,82.146.49.1,82.146.50.202,82.146.51.126 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 82.146.51.25,82.146.52.158,82.146.55.23,82.146.55.35,82.146.55.39,82.146.56.0/21,82.151.132.40,82.165.180.64,82.165.205.16,82.166.132.221 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 82.192.87.96,82.197.131.14,82.197.131.17,82.197.131.21,82.198.176.34,82.200.96.0/23,82.204.219.135,82.204.219.208,82.204.219.221,82.204.219.223 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 82.204.219.251,82.208.58.199,82.98.193.102,82.98.235.155,82.98.235.173,82.98.235.24,82.98.235.52,82.98.86.0/24,83.133.115.9,83.133.118.67 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 83.133.118.70,83.133.118.72,83.133.123.113,83.133.123.139,83.133.123.140,83.133.123.166,83.133.123.174,83.133.124.81,83.133.125.116,83.133.126.155 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 83.133.126.46,83.133.126.98,83.133.127.93,83.137.192.222,83.142.230.169,83.142.230.175,83.142.230.44,83.142.230.45,83.143.81.10,83.149.105.88 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 83.149.69.46,83.149.69.47,83.149.72.171,83.149.72.172,83.149.74.250,83.149.75.50,83.149.75.56,83.149.82.186,83.149.85.100,83.149.86.132 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 83.149.87.200,83.149.95.208,83.17.76.98,83.170.116.39,83.171.76.98,83.171.76.99,83.172.0.56,83.19.144.26,83.211.240.146,83.222.0.0/19 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 83.229.248.147,83.229.250.27,83.229.251.28,83.229.251.29,83.229.251.37,83.229.252.71,83.233.30.140,83.233.30.159,83.243.70.11,83.68.16.30 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 83.68.16.6,84.16.224.183,84.16.224.199,84.16.227.222,84.16.227.223,84.16.228.142,84.16.228.143,84.16.230.38,84.16.234.27,84.16.235.187 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 84.16.236.16,84.16.237.46,84.16.240.233,84.16.244.114,84.16.244.121,84.16.247.12,84.16.251.238,84.16.252.138,84.16.252.183,84.16.252.73 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 84.16.252.77,84.16.252.80,84.16.252.90,84.19.184.160,84.204.97.122,84.204.97.124,84.243.196.130,84.243.196.132,84.243.196.136,84.243.196.137 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 84.243.196.6,84.243.197.10,84.243.197.183,84.243.197.184,84.243.197.191,84.243.197.197,84.243.197.45,84.243.200.143,84.243.200.147,84.243.213.39 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 84.243.252.160,84.243.252.161,84.243.252.162,84.243.252.163,84.243.252.164,84.243.252.165,84.243.252.166,84.243.252.167,84.243.252.168,84.243.252.169 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 84.243.252.170,84.243.252.171,84.243.252.172,84.243.252.173,84.243.252.174,84.243.252.175,84.243.252.176,84.243.252.177,84.243.252.178,84.243.252.179 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 84.243.252.180,84.243.252.87,84.243.252.88,84.244.137.173,84.244.138.115,84.246.134.14,84.255.247.1,84.51.21.132,84.95.250.10,85.10.194.162 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 85.10.208.252,85.10.221.161,85.10.243.126,85.114.131.69,85.114.141.207,85.12.43.99,85.13.129.230,85.13.135.43,85.13.236.154,85.14.6.159 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 85.142.1.0/24,85.159.144.21,85.17.103.104,85.17.103.112,85.17.103.113,85.17.103.114,85.17.103.115,85.17.103.116,85.17.103.119,85.17.103.35 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 85.17.103.47,85.17.136.135,85.17.136.137,85.17.136.140,85.17.138.29,85.17.138.60,85.17.139.54,85.17.141.20,85.17.143.132,85.17.143.201 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 85.17.162.100,85.17.162.165,85.17.162.169,85.17.162.9,85.17.165.132,85.17.166.135,85.17.166.136,85.17.169.55,85.17.177.223,85.17.184.31 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 85.17.19.118,85.17.19.132,85.17.201.143,85.17.209.45,85.17.216.83,85.17.224.149,85.17.232.198,85.17.254.136,85.17.254.158,85.17.3.246 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 85.17.4.0/24,85.17.45.0/24,85.17.52.4,85.17.52.47,85.17.52.69,85.17.52.7,85.17.52.77,85.17.52.9,85.17.93.190,85.17.94.16 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 85.17.94.42,85.192.34.156,85.192.43.102,85.197.99.39,85.21.125.197,85.21.68.35,85.214.23.161,85.214.90.254,85.235.208.0/24,85.235.209.2 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 85.24.148.110,85.255.112.0/20,85.255.112.0/21,85.255.120.0/24,85.255.121.0/24,85.255.122.4,85.64.2.247,85.9.56.199,85.92.152.43,86.122.151.123 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 86.17.173.169,86.203.230.213,86.35.15.212,86.57.246.186,87.106.103.122,87.106.220.76,87.117.234.92,87.117.252.0/24,87.117.255.0/24,87.118.116.11 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 87.118.116.14,87.118.117.11,87.118.118.80,87.118.120.71,87.118.126.246,87.118.126.30,87.118.69.108,87.118.96.83,87.118.96.86,87.120.40.138 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 87.121.76.9,87.230.25.199,87.233.159.186,87.237.13.203,87.238.162.146,87.242.116.123,87.242.73.95,87.242.76.68,87.242.78.57,87.242.90.0/24 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 87.248.163.54,87.248.163.56,87.248.163.58,87.248.180.0/24,87.251.53.97,87.252.1.21,87.3.36.91,87.98.128.146,87.98.222.197,87.98.234.25 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 87.98.239.19,88.191.22.55,88.191.78.48,88.198.103.122,88.198.131.169,88.198.207.4,88.198.233.225,88.198.40.57,88.198.41.170,88.198.48.247 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 88.198.58.147,88.198.62.171,88.198.8.15,88.201.208.0/20,88.208.0.0/21,88.208.16.116,88.208.16.144,88.208.16.147,88.208.16.234,88.208.16.235 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 88.208.17.1,88.208.17.116,88.208.19.153,88.208.19.4,88.208.21.110,88.208.21.16,88.208.21.188,88.208.28.0/22,88.208.39.146,88.208.46.232 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 88.208.46.239,88.212.196.87,88.212.202.56,88.214.192.0/18,88.214.192.0/20,88.214.200.165,88.214.200.5,88.214.202.110,88.255.0.0/17,88.80.203.162 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 88.81.249.200,88.84.128.40,88.84.137.164,88.85.65.129,88.85.65.5,88.85.65.6,88.85.66.17,88.85.66.63,88.85.78.81,88.85.81.101 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 88.85.82.148,88.85.89.16,88.85.89.5,88.85.89.7,88.86.103.186,89.104.71.235,89.104.82.198,89.108.64.39,89.108.68.31,89.108.68.86 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.108.73.87,89.108.73.98,89.108.74.33,89.108.80.210,89.108.82.74,89.108.83.12,89.108.89.8,89.108.91.137,89.108.91.7,89.108.91.82 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.108.94.111,89.108.94.180,89.108.94.183,89.108.94.245,89.108.95.135,89.111.171.191,89.111.173.65,89.111.176.207,89.111.176.21,89.111.176.35 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.111.176.4,89.111.176.48,89.111.176.54,89.111.176.67,89.111.176.89,89.111.176.97,89.111.188.155,89.114.126.152,89.146.137.0,89.149.194.201 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.194.45,89.149.200.153,89.149.200.79,89.149.201.133,89.149.202.115,89.149.202.127,89.149.202.254,89.149.202.30,89.149.206.56,89.149.207.114 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.207.213,89.149.207.56,89.149.208.179,89.149.208.44,89.149.209.11,89.149.209.117,89.149.209.160,89.149.209.161,89.149.209.69,89.149.209.93 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.210.154,89.149.212.100,89.149.212.137,89.149.212.151,89.149.212.218,89.149.216.212,89.149.216.213,89.149.217.205,89.149.220.0/24,89.149.221.182 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.221.74,89.149.225.88,89.149.226.0/24,89.149.227.0/24,89.149.228.201,89.149.230.73,89.149.235.190,89.149.235.192,89.149.235.235,89.149.236.140 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.236.141,89.149.236.98,89.149.241.0/24,89.149.242.128,89.149.242.191,89.149.242.201,89.149.242.25,89.149.244.204,89.149.244.22,89.149.244.29 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.244.83,89.149.247.244,89.149.249.237,89.149.251.111,89.149.251.130,89.149.251.203,89.149.251.33,89.149.251.43,89.149.251.44,89.149.251.56 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.252.154,89.149.252.155,89.149.252.19,89.149.252.24,89.149.252.252,89.149.253.215,89.149.253.239,89.149.254.12,89.149.254.46,89.149.254.55 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.149.255.190,89.149.255.191,89.149.255.34,89.149.255.35,89.171.115.10,89.179.247.183,89.18.181.0/24,89.18.189.44,89.185.228.12,89.185.228.13 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.185.228.141,89.185.228.17,89.185.228.59,89.185.229.126,89.185.229.127,89.186.5.153,89.187.48.0/24,89.188.112.0/24,89.188.122.66,89.188.16.12 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.19.29.130,89.191.224.28,89.200.201.66,89.200.201.67,89.200.201.94,89.208.145.148,89.218.40.131,89.218.85.18,89.238.135.227,89.248.111.232 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.248.160.227,89.248.160.231,89.248.168.22,89.248.168.46,89.248.168.70,89.248.168.74,89.248.172.0/23,89.249.22.196,89.250.63.123,89.254.139.247 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 89.32.22.215,89.47.236.152,89.47.237.52,89.96.48.150,90.150.144.50,90.156.144.78,90.156.149.33,90.156.153.104,90.156.153.34,90.156.153.49 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 90.156.178.37,90.156.178.40,90.156.178.46,90.156.178.47,91.103.216.240,91.121.124.22,91.121.140.44,91.121.146.101,91.121.8.196,91.142.209.26 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.149.157.130,91.189.113.105,91.189.113.12,91.192.106.0/23,91.192.148.161,91.192.148.177,91.192.148.194,91.192.148.33,91.192.148.49,91.192.148.66 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.192.148.82,91.192.148.85,91.192.149.161,91.192.149.177,91.192.149.194,91.192.149.33,91.192.149.49,91.192.149.66,91.192.149.82,91.192.68.52 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.192.71.7,91.193.108.150,91.193.108.222,91.193.108.239,91.193.108.254,91.193.40.0/22,91.194.10.60,91.194.140.0/23,91.194.76.0/23,91.195.116.0/23 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.196.232.0/22,91.197.130.18,91.197.130.20,91.197.130.21,91.197.130.39,91.197.160.20,91.198.71.0/24,91.199.112.0/24,91.199.245.101,91.200.122.153 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.200.144.0/23,91.200.146.200,91.200.146.201,91.200.146.4,91.200.146.8,91.202.63.99,91.203.4.112,91.203.4.113,91.203.4.49,91.203.5.111 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.203.5.133,91.203.68.0/22,91.203.92.0/22,91.203.92.0/24,91.205.233.33,91.205.96.12,91.206.10.173,91.206.10.190,91.206.226.41,91.206.226.42 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.206.231.140,91.207.116.0/23,91.207.4.10,91.207.4.11,91.207.4.122,91.207.4.146,91.207.4.9,91.207.60.0/23,91.207.61.12,91.207.8.252 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.208.0.0/24,91.208.162.9,91.208.228.101,91.209.163.171,91.209.163.178,91.209.163.182,91.209.163.184,91.209.163.201,91.209.163.202,91.209.163.203 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.209.183.21,91.209.183.61,91.21.88.146,91.210.57.135,91.211.64.0/22,91.212.127.47,91.212.132.10,91.212.132.11,91.212.132.12,91.212.132.32 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 91.212.132.34,91.212.158.5,91.212.41.0/24,91.212.65.0/24,91.212.65.133,91.212.65.35,91.212.65.48,91.92.165.55,91.93.133.4,92.168.61.133 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 92.241.160.0/19,92.241.169.14,92.241.176.101,92.243.76.132,92.38.0.111,92.38.0.41,92.38.0.69,92.38.1.11,92.38.1.12,92.39.48.2 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 92.42.186.73,92.48.112.77,92.48.119.151,92.48.122.144,92.48.122.60,92.48.122.61,92.48.127.134,92.48.192.0/18,92.48.69.13,92.48.91.144 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 92.60.176.13,92.60.176.33,92.60.176.41,92.60.176.45,92.61.148.174,92.61.240.22,92.61.248.102,92.61.80.66,92.62.100.0/24,92.62.101.100 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 92.62.101.110,92.62.101.111,92.62.101.117,92.62.101.122,92.62.101.123,92.62.101.126,92.62.101.130,92.62.101.132,92.62.101.17,92.62.101.39 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 92.62.101.60,92.62.101.61,92.62.101.8,92.62.96.0/24,92.62.98.0/24,92.63.104.165,92.63.106.125,92.63.96.137,92.63.97.192,93.103.232.126 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 93.174.92.197,93.174.92.66,93.174.93.110,93.174.93.164,93.174.93.196,93.174.93.220,93.174.93.34,93.174.93.36,93.174.93.80,93.174.93.81 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 93.174.94.198,93.183.194.0/18,93.188.160.0/21,93.190.137.99,93.190.138.238,93.190.138.239,93.190.139.0/24,93.190.140.134,93.190.140.135,93.190.140.49 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 93.190.140.56,93.190.142.135,94.102.48.0/20,94.103.80.220,94.103.90.10,94.103.90.120,94.103.90.160,94.103.90.220,94.103.90.80,94.124.84.10 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 94.125.71.77,94.142.128.41,94.229.64.115,94.229.65.172,94.232.248.0/24,94.243.110.72,94.247.0.0/21,94.25.85.14,94.27.123.227,94.52.128.126 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 94.75.192.66,94.75.193.14,94.75.193.167,94.75.199.168,94.75.199.178,94.75.209.11,94.75.210.39,94.75.214.117,94.75.214.138,94.75.214.18 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 94.75.215.3,94.75.215.59,94.75.215.92,94.75.221.68,94.75.221.70,94.75.227.110,94.75.227.111,94.75.227.80,94.75.228.136,94.75.228.162 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 94.75.229.229,94.75.229.253,94.75.233.162,94.75.233.8,94.75.234.35,94.75.234.7,94.75.236.231,94.75.240.242,94.75.243.114,94.75.243.115 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 94.75.243.117,94.75.253.92,94.76.205.160,94.76.212.238,94.76.212.239,94.76.212.241,94.76.213.104,94.76.213.227,94.76.213.234,94.76.225.134 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 94.76.225.98,95.129.144.12,95.129.144.13,95.129.144.186,95.129.144.210,95.129.144.227,95.129.144.228,95.129.144.236,95.129.144.244,95.129.145.43 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 95.129.145.46,95.129.145.58,95.129.146.244,95.168.163.83,95.168.173.224,95.168.173.237,95.211.14.161,95.211.14.163,95.211.7.140,95.211.7.183 event "ET RBN Known Russian Business Network IP" } signature sid- { ip-proto == ip src-ip == local_nets dst-ip == 95.211.8.136,95.211.8.61,95.211.9.27,95.221.15.44,97.74.144.150,98.124.198.1,98.126.211.138,98.126.29.234,98.126.41.36,98.126.9.218 event "ET RBN Known Russian Business Network IP" }