Russian Business Network (RBN)

EvilFingers is bringing together one of the most diverse data sets to provide a portal that helps the community. nG is aimed at bringing in honeypot data from various places around the world. The Russian Business Network (RBN) page is aimed at bringing in details on possible RBN hosts/networks that could help our security community. So far we have aimed at bringing Emerging Threats (ET) information to our site, since they have the most up-to-date information on such IPs. Matt Jonkman has done a great job in putting things together and in being a helping hand for our community.

RBN Rules 1

alert ip [115.126.2.116,115.126.2.117,115.126.2.118,115.126.2.8,116.50.9.0/24,129.44.190.77,190.15.72.0/21,190.183.63.0/24,193.138.232.0/22,193.19.138.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (1)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406000; rev:81;)

RBN Rules 2

alert ip [193.33.128.0/23,193.33.144.226,194.110.69.0/24,194.126.174.124,194.135.105.203,194.135.22.0/24,194.146.204.0/22,194.226.64.0/20,194.67.0.0/18,195.114.16.0/23] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (2)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406001; rev:81;)

RBN Rules 3

alert ip [195.161.113.204,195.161.113.218,195.225.177.0/24,195.3.144.0/22,195.5.116.0/24,195.5.117.0/24,195.64.140.0/23,195.64.162.0/23,195.66.132.0/24,195.95.218.0/23] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (3)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406002; rev:81;)

RBN Rules 4

alert ip [198.63.210.0/24,199.237.229.158,200.115.160.0/20,200.46.83.245,200.63.45.0/24,200.63.48.105,200.63.48.140,201.212.0.243,202.71.102.0/24,203.117.0.0/16] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (4)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406003; rev:81;)

RBN Rules 5

alert ip [203.121.0.0/17,204.13.160.15,204.14.110.38,205.134.191.187,205.252.166.58,205.252.166.60,205.252.166.61,206.161.120.0/24,206.161.126.0/24,206.161.193.131] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (5)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406004; rev:81;)

RBN Rules 6

alert ip [206.161.200.0/24,206.53.51.155,207.176.7.0/24,207.210.85.61,207.226.173.0/24,207.226.175.0/24,207.226.179.0/24,207.226.182.0/24,208.110.80.170,208.43.41.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (6)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406005; rev:81;)

RBN Rules 7

alert ip [208.66.192.0/22,208.72.160.0/20,208.72.168.0/21,208.72.173.0/24,208.73.210.32,208.79.82.0/24,208.87.148.0/23,208.87.242.120,208.87.33.150,208.88.224.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (7)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406006; rev:81;)

RBN Rules 8

alert ip [208.88.53.0/24,208.98.22.0/24,209.160.65.62,209.160.71.110,209.200.60.137,209.200.63.169,209.200.63.179,209.200.63.184,209.250.227.0/24,209.250.230.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (8)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406007; rev:81;)

RBN Rules 9

alert ip [209.250.232.0/24,209.250.235.0/24,209.250.236.0/24,209.250.237.0/24,209.51.155.138,209.51.196.248,209.59.177.9,209.62.20.163,209.67.214.194,209.67.215.178] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (9)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406008; rev:81;)

RBN Rules 10

alert ip [209.8.24.0/24,209.8.47.0/24,209.85.51.0/24,209.85.84.0/24,210.145.102.19,210.51.25.120,211.95.79.242,212.24.53.0/24,212.77.128.0/20,213.155.0.200] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (10)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406009; rev:81;)

RBN Rules 11

alert ip [213.155.1.46,213.155.2.104,213.174.142.0/24,213.189.9.176,213.189.9.75,216.130.188.207,216.188.26.0/24,216.195.37.251,216.195.40.64,216.195.44.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (11)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406010; rev:81;)

RBN Rules 12

alert ip [216.195.49.0/24,216.195.50.0/24,216.195.56.86,216.195.56.87,216.195.56.88,216.195.58.38,216.195.59.77,216.195.61.0/24,216.240.134.208,216.240.134.211] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (12)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406011; rev:81;)

RBN Rules 13

alert ip [216.255.176.0/20,216.34.131.135,216.40.230.4,216.40.33.252,216.7.89.0/24,217.146.87.0/24,217.16.27.38,217.170.64.0/20,217.171.66.245,217.199.217.9] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (13)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406012; rev:81;)

RBN Rules 14

alert ip [217.26.144.122,218.106.90.227,218.244.147.129,220.196.42.220,24.244.171.69,38.100.93.0/24,38.117.90.45,4.16.224.183,58.65.232.0/21,63.214.247.170] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (14)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406013; rev:81;)

RBN Rules 15

alert ip [63.251.92.0/24,64.111.196.0/24,64.111.197.0/24,64.124.222.0/24,64.14.244.60,64.18.144.0/24,64.191.78.0/24,64.202.189.170,64.247.49.31,64.255.172.50] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (15)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406014; rev:81;)

RBN Rules 16

alert ip [64.28.176.0/20,64.28.187.0/24,64.32.5.0/24,64.40.103.249,64.69.68.0/24,65.243.103.0/24,65.254.54.178,65.254.54.179,65.98.15.47,65.98.19.103] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (16)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406015; rev:81;)

RBN Rules 17

alert ip [66.115.136.52,66.152.78.69,66.152.78.70,66.152.78.75,66.197.170.5,66.199.242.18,66.199.242.19,66.244.254.0/24,66.246.235.42,66.249.5.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (17)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406016; rev:81;)

RBN Rules 18

alert ip [66.252.0.0/19,66.29.11.144,66.29.15.140,66.29.15.141,66.39.5.165,67.130.99.0/24,67.137.217.219,67.15.184.7,67.15.47.0/24,67.18.179.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (18)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406017; rev:81;)

RBN Rules 19

alert ip [67.19.24.170,67.19.72.202,67.205.75.0/24,67.210.0.0/20,67.210.12.0/23,67.210.14.0/23,67.220.66.0/24,67.220.67.0/24,67.220.72.0/24,67.220.73.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (19)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406018; rev:81;)

RBN Rules 20

alert ip [67.220.74.0/24,67.220.75.0/24,67.55.81.0/24,68.178.232.100,68.178.232.91,69.1.78.0/24,69.20.117.228,69.20.68.36,69.20.68.41,69.22.162.0/23] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (20)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406019; rev:81;)

RBN Rules 21

alert ip [69.22.168.0/21,69.22.184.0/22,69.28.252.35,69.31.128.0/24,69.31.40.0/21,69.31.64.0/20,69.31.80.0/21,69.39.224.0/24,69.41.183.0/24,69.42.216.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (21)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406020; rev:81;)

RBN Rules 22

alert ip [69.46.228.45,69.50.160.0/19,69.64.145.0/24,69.64.155.0/24,69.64.159.1,69.64.33.149,69.64.33.24,69.64.33.242,69.93.226.154,70.85.114.186] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (22)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406021; rev:81;)

RBN Rules 23

alert ip [70.87.222.138,72.10.172.0/24,72.167.195.124,72.167.195.125,72.20.24.0/24,72.20.25.0/24,72.232.242.250,72.233.43.2,72.233.60.0/24,72.233.76.10] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (23)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406022; rev:81;)

RBN Rules 24

alert ip [72.32.134.197,72.32.242.169,72.32.242.170,72.32.48.189,72.36.133.170,72.36.153.62,72.44.67.5,72.44.67.7,72.44.67.8,72.9.98.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (24)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406023; rev:81;)

RBN Rules 25

alert ip [74.208.128.155,74.52.32.0/24,74.53.169.2,74.54.156.234,74.54.82.0/24,74.55.100.8,75.101.129.55,75.125.200.226,75.125.215.35,75.125.241.58] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (25)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406024; rev:81;)

RBN Rules 26

alert ip [76.74.249.5,77.220.177.0/24,77.221.128.0/19,77.244.211.0/24,77.244.220.0/24,77.245.61.0/24,77.73.98.0/24,77.91.224.0/21,77.92.88.0/24,78.108.182.164] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (26)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406025; rev:81;)

RBN Rules 27

alert ip [78.109.28.144,78.129.142.0/24,78.129.166.0/24,78.129.202.0/24,78.129.223.19,78.157.142.0/24,78.157.143.0/24,78.26.179.230,78.26.179.246,78.26.179.248] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (27)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406026; rev:81;)

RBN Rules 28

alert ip [78.47.168.82,79.132.198.0/24,79.135.160.0/19,79.135.167.0/24,79.143.176.0/22,79.170.40.21,79.170.40.38,80.70.224.0/20,80.77.80.0/20,80.91.76.147] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (28)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406027; rev:81;)

RBN Rules 29

alert ip [80.91.76.148,80.91.76.149,80.91.76.150,80.91.76.151,80.91.76.152,80.91.76.153,80.91.76.154,80.93.50.149,81.177.8.162,81.22.60.153] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (29)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406028; rev:81;)

RBN Rules 30

alert ip [81.94.16.0/20,81.95.128.0/19,81.95.144.0/20,81.95.156.0/22,82.103.137.14,82.110.105.3,82.146.56.0/21,82.200.96.0/23,82.98.235.155,82.98.86.161] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (30)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406029; rev:81;)

RBN Rules 31

alert ip [82.98.86.171,82.98.86.173,83.149.105.88,83.149.74.250,83.170.116.39,83.171.76.98,83.171.76.99,83.222.0.0/19,84.16.240.233,84.16.252.138] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (31)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406030; rev:81;)

RBN Rules 32

alert ip [85.17.4.0/24,85.17.45.0/24,85.255.112.0/21,85.255.120.0/24,85.255.121.0/24,87.117.252.0/24,87.117.255.0/24,87.118.116.11,87.230.25.199,87.242.90.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (32)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406031; rev:81;)

RBN Rules 33

alert ip [87.248.180.0/24,88.201.208.0/20,88.214.192.0/18,88.214.202.0/24,88.255.0.0/17,88.255.90.0/24,88.255.94.0/24,89.108.95.135,89.149.206.56,89.149.208.179] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (33)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406032; rev:81;)

RBN Rules 34

alert ip [89.149.209.160,89.149.209.161,89.149.220.0/24,89.149.221.182,89.149.226.0/24,89.149.227.0/24,89.149.235.235,89.149.241.0/24,89.18.181.0/24,89.18.189.44] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (34)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406033; rev:81;)

RBN Rules 35

alert ip [89.187.48.0/24,89.188.112.0/24,89.188.16.12,91.192.106.0/23,91.193.40.0/22,91.193.56.0/22,91.194.140.0/23,91.194.76.0/23,91.195.116.0/23,91.196.232.0/22] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (35)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406034; rev:81;)

RBN Rules 36

alert ip [91.198.71.0/24,91.203.68.0/22,91.203.92.0/22,91.203.92.0/24,91.208.0.0/24,91.21.88.146,92.241.170.130,92.241.177.70,92.48.201.0/24,92.62.100.0/24] any -> $HOME_NET any (msg:"ET RBN Known Russian Business Network Monitored Domains (36)"; reference:url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2406035; rev:81;)