PAW-PATRULES_AGENT_TESLA_IP.rules
# KXK00OOkxxkO00KX0
# ,NXKxo:,'... ...';cdOXN:
# l;. ..,:ldxkOOOOOOkkxol:,.. .o
# dk lOOOOOOkkkkkkkkkkkOOOOOOx dk
# KNXOc. :0OkkkkkkkkkkkkkkkkkkkkkO0l. :kXNX
# x. .'ckOOkkkkkkkkkkkookkkkkkkkkkOOOl,. .k
# d. o0Okkkkkkkkkkkkk. okkkkkkkkkkOO0k x
# l. c0kkkkkkko. .ckk .kd..'xkkkkkk0x .o
# ;, ;0kkkkkkkc ;ko. .dk. :kkkkkk0l ':
# .l .OOkkkkkkkl. .lkocldkkl. 'xkkkkkOO, c.
# l o0kkkk:..'dkkk. .;okkkkkkkkk0x l
# .: .OOkkk; xk, .:kkkkkO0; ;.
# ;. :0kkkko;,cko :kkkk0d .:
# : oOkkkkkkkk .dkkk0k. :
# : dOkkkkkkk .:odxkkkkkOk. ;
# ; oOkkkkkkx:,,ckkkkkkkkkkOx. ,
# '. ;OOkkkkkkkkkkkkkkkkkOOc '
# ' .lOOkkkkkkkkkkkkkOOd. .
# . .lOOkkkkkkkkkOOo' ..
# ' .;dOOOkOOOx:. .
# .. .,lxo;. ..
# .. ..
#
# ____ ___ __ ____ _ _
#| _ \ / \ \ / / | _ \ __ _| |_ _ __ _ _| | ___ ___
#| |_) / _ \ \ /\ / / | |_) / _` | __| '__| | | | |/ _ \/ __|
#| __/ ___ \ V V / | __/ (_| | |_| | | |_| | | __/\__ \
#|_| /_/ \_\_/\_/ |_| \__,_|\__|_| \__,_|_|\___||___/
#
# IDS Rules for Suricata
# π Charles BLANC-ROLIN β ΅ - https://pawpatrules.fr - https://www.apssis.com - https://github.com/woundride
# Licence CC BY-NC-SA 4.0 : https://creativecommons.org/licenses/by-nc-sa/4.0/
# β Agent Tesla - IP
# Agent Tesla C2 indicators, sids 3301356-3301376 (batches 2020_07_09 and 2020_08_22).
# Each rule matches on the destination address alone: protocol "ip", any source,
# any port, no flow/content/threshold options. A hit therefore says only that some
# host sent traffic to the address, not that the traffic was Agent Tesla.
# Source is "any" rather than $HOME_NET, so traffic from external hosts that crosses
# the sensor matches as well.
# NOTE(review): with the stock reference.config the "url" reference type already
# carries an http:// prefix, so "url,https://..." may be rendered as
# "http://https://..." by tools that expand references - confirm in your alert tooling.
#
# The next two rules cite a specific CAPE sandbox analysis (23945).
alert ip any any -> 108.161.187.74 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://www.capesandbox.com/analysis/23945/; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_07_09, updated_at 2020_07_09; sid:3301356; rev:1; classtype:trojan-activity;)
alert ip any any -> 208.91.198.79 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://www.capesandbox.com/analysis/23945/; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301357; rev:1; classtype:trojan-activity;)
# From here on the only sample-side reference is the any.run family trends page,
# which does not identify the sample or the date the address was observed.
alert ip any any -> 212.47.208.136 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301358; rev:1; classtype:trojan-activity;)
alert ip any any -> 104.219.248.76 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301359; rev:1; classtype:trojan-activity;)
alert ip any any -> 162.215.253.15 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301360; rev:1; classtype:trojan-activity;)
alert ip any any -> 204.11.56.48 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301361; rev:1; classtype:trojan-activity;)
alert ip any any -> 89.45.67.200 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301362; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.171.186.13 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301363; rev:1; classtype:trojan-activity;)
alert ip any any -> 199.231.162.226 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301364; rev:1; classtype:trojan-activity;)
alert ip any any -> 208.91.198.225 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301365; rev:1; classtype:trojan-activity;)
alert ip any any -> 54.72.9.51 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301366; rev:1; classtype:trojan-activity;)
alert ip any any -> 166.62.10.189 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301367; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.81.4.99 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301368; rev:1; classtype:trojan-activity;)
alert ip any any -> 85.9.63.254 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301369; rev:1; classtype:trojan-activity;)
alert ip any any -> 206.188.198.69 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301370; rev:1; classtype:trojan-activity;)
alert ip any any -> 108.163.138.140 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301371; rev:1; classtype:trojan-activity;)
alert ip any any -> 144.76.118.219 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301372; rev:1; classtype:trojan-activity;)
alert ip any any -> 162.241.27.33 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301373; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.21.59.15 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301374; rev:1; classtype:trojan-activity;)
alert ip any any -> 156.38.171.144 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301375; rev:1; classtype:trojan-activity;)
alert ip any any -> 199.79.63.24 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_22, updated_at 2020_08_22;sid:3301376; rev:1; classtype:trojan-activity;)
# Agent Tesla C2 indicators, sids 3301377-3301403 (batches 2020_08_24 to 2020_09_07).
# Address-only rules: any source, any port, protocol "ip". The alert carries no
# protocol or payload evidence, so triage has to start from the flow record
# (which internal host, which port, how much data) rather than from the rule.
# Every rule except sid 3301383 cites only the any.run family trends page and the
# Malpedia family entry; neither identifies the sample behind the address, so the
# indicator cannot be re-verified from the rule text alone.
alert ip any any -> 198.54.126.76 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3301377; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.145.237.27 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3301378; rev:1; classtype:trojan-activity;)
alert ip any any -> 162.222.227.105 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3301379; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.211.216.53 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3301380; rev:1; classtype:trojan-activity;)
alert ip any any -> 198.38.82.11 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3301381; rev:1; classtype:trojan-activity;)
alert ip any any -> 64.98.36.128 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3301382; rev:1; classtype:trojan-activity;)
# sid 3301383 is the only rule in this range with a per-sample reference
# (Joe Sandbox analysis 271116).
alert ip any any -> 69.73.181.211 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://www.joesandbox.com/analysis/271116/0/html; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_24, updated_at 2020_08_24; sid:3301383; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.195.185.104 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3301384; rev:1; classtype:trojan-activity;)
alert ip any any -> 37.59.226.72 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3301385; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.7.226.61 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3301386; rev:1; classtype:trojan-activity;)
alert ip any any -> 74.220.219.171 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3301387; rev:1; classtype:trojan-activity;)
alert ip any any -> 198.54.115.249 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3301388; rev:1; classtype:trojan-activity;)
alert ip any any -> 199.188.206.58 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3301389; rev:1; classtype:trojan-activity;)
alert ip any any -> 199.188.206.30 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_25, updated_at 2020_08_25; sid:3301390; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.36.81.151 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_26, updated_at 2020_08_26; sid:3301391; rev:1; classtype:trojan-activity;)
alert ip any any -> 162.222.225.57 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_26, updated_at 2020_08_26; sid:3301392; rev:1; classtype:trojan-activity;)
alert ip any any -> 95.130.175.151 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_08_26, updated_at 2020_08_26; sid:3301393; rev:1; classtype:trojan-activity;)
alert ip any any -> 50.87.248.50 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301394; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.185.140.214 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301395; rev:1; classtype:trojan-activity;)
alert ip any any -> 209.99.40.222 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301396; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.141.152.18 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301397; rev:1; classtype:trojan-activity;)
alert ip any any -> 142.93.110.250 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301398; rev:1; classtype:trojan-activity;)
alert ip any any -> 210.245.86.30 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301399; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.21.59.83 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301400; rev:1; classtype:trojan-activity;)
# NOTE(review): 85.187.154.178 is listed a second time under sid 3301449
# (created_at 2020_09_25); the two rules are otherwise identical, so a match on
# this address is reported under both sids.
alert ip any any -> 85.187.154.178 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301401; rev:1; classtype:trojan-activity;)
alert ip any any -> 104.129.42.139 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301402; rev:1; classtype:trojan-activity;)
alert ip any any -> 148.66.138.106 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_07, updated_at 2020_09_07; sid:3301403; rev:1; classtype:trojan-activity;)
# Agent Tesla C2 indicators, sids 3301404-3301426 (batches 2020_09_10 and 2020_09_13).
# On every rule here created_at equals updated_at and rev is 1, i.e. no entry has
# been revised since it was added in 2020. IP addresses are short-lived
# indicators: an address may have been reassigned, or may front many unrelated
# tenants - TODO confirm current attribution before treating a hit as a compromise.
# The rules constrain neither port nor protocol, so the alert alone does not show
# which service was contacted; read that from the flow or protocol logs.
alert ip any any -> 198.12.66.102 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301404; rev:1; classtype:trojan-activity;)
alert ip any any -> 46.166.182.116 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301405; rev:1; classtype:trojan-activity;)
alert ip any any -> 62.219.11.4 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301406; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.21.59.27 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301407; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.6.245.189 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301408; rev:1; classtype:trojan-activity;)
alert ip any any -> 188.212.156.20 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301409; rev:1; classtype:trojan-activity;)
alert ip any any -> 94.156.175.95 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301410; rev:1; classtype:trojan-activity;)
alert ip any any -> 77.72.201.246 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301411; rev:1; classtype:trojan-activity;)
alert ip any any -> 173.231.198.30 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301412; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.185.92.219 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301413; rev:1; classtype:trojan-activity;)
alert ip any any -> 107.180.41.250 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301414; rev:1; classtype:trojan-activity;)
alert ip any any -> 98.142.108.42 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301415; rev:1; classtype:trojan-activity;)
alert ip any any -> 138.128.167.210 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_10, updated_at 2020_09_10; sid:3301416; rev:1; classtype:trojan-activity;)
alert ip any any -> 209.99.16.234 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301417; rev:1; classtype:trojan-activity;)
alert ip any any -> 209.182.200.130 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301418; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.25.23.54 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301419; rev:1; classtype:trojan-activity;)
alert ip any any -> 198.54.121.233 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301420; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.21.58.10 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301421; rev:1; classtype:trojan-activity;)
alert ip any any -> 108.167.136.54 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301422; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.185.129.35 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301423; rev:1; classtype:trojan-activity;)
alert ip any any -> 199.188.200.226 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301424; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.40.115.79 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301425; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.3.201.45 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_13, updated_at 2020_09_13; sid:3301426; rev:1; classtype:trojan-activity;)
alert ip any any -> 208.91.199.122 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301427; rev:1; classtype:trojan-activity;)
alert ip any any -> 69.16.230.42 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301428; rev:1; classtype:trojan-activity;)
alert ip any any -> 188.93.230.198 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301429; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.153.182.50 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301430; rev:1; classtype:trojan-activity;)
alert ip any any -> 65.52.145.87 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301431; rev:1; classtype:trojan-activity;)
alert ip any any -> 198.12.123.178 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301432; rev:1; classtype:trojan-activity;)
alert ip any any -> 176.53.69.3 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301433; rev:1; classtype:trojan-activity;)
alert ip any any -> 172.104.131.92 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301434; rev:1; classtype:trojan-activity;)
alert ip any any -> 193.56.28.208 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301435; rev:1; classtype:trojan-activity;)
alert ip any any -> 139.99.27.216 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301436; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.21.59.169 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_21, updated_at 2020_09_21;sid:3301437; rev:1; classtype:trojan-activity;)
alert ip any any -> 94.126.174.28 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301438; rev:1; classtype:trojan-activity;)
alert ip any any -> 185.61.153.108 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301439; rev:1; classtype:trojan-activity;)
alert ip any any -> 206.123.158.142 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301440; rev:1; classtype:trojan-activity;)
alert ip any any -> 203.124.44.88 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301441; rev:1; classtype:trojan-activity;)
alert ip any any -> 198.38.82.103 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301442; rev:1; classtype:trojan-activity;)
alert ip any any -> 198.54.116.236 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301443; rev:1; classtype:trojan-activity;)
alert ip any any -> 111.118.215.253 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301444; rev:1; classtype:trojan-activity;)
alert ip any any -> 23.111.151.251 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301445; rev:1; classtype:trojan-activity;)
alert ip any any -> 45.76.248.163 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301446; rev:1; classtype:trojan-activity;)
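# 104.219.248.113 is listed twice: sid 3301447 (created_at 2020_09_18) and sid 3301448
# (created_at 2020_09_25) share the same header, msg, references and classtype, so with both
# enabled every matching packet raises two alerts for one event.
# sid 3301447 stays active; the later duplicate is kept below, disabled, so the sid is not reused.
# Local threshold/suppress entries that name sid 3301448 should be pointed at sid 3301447.
alert ip any any -> 104.219.248.113 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_18, updated_at 2020_09_18;sid:3301447; rev:1; classtype:trojan-activity;)
# alert ip any any -> 104.219.248.113 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301448; rev:1; classtype:trojan-activity;)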
# Batch created 2020_09_25 (sid 3301449-3301462): destination-address indicators for Agent Tesla C2.
# Every rule alerts on any IP protocol from any source to one fixed address; all ports match
# except where a rule states otherwise. No payload or protocol condition is checked.
# The only evidence of freshness is the created_at/updated_at metadata. Addresses are reassigned
# and may front many unrelated sites, so weigh the rule's age when triaging a hit.
# NOTE(review): no expiry or re-validation date is recorded - consider a periodic review of
# address-only rules and retiring those that can no longer be confirmed.
alert ip any any -> 85.187.154.178 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301449; rev:1; classtype:trojan-activity;)
alert ip any any -> 95.216.103.165 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301450; rev:1; classtype:trojan-activity;)
alert ip any any -> 64.98.36.139 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301451; rev:1; classtype:trojan-activity;)
alert ip any any -> 35.213.167.237 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301452; rev:1; classtype:trojan-activity;)
alert ip any any -> 141.8.193.236 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301453; rev:1; classtype:trojan-activity;)
alert ip any any -> 68.66.200.205 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301454; rev:1; classtype:trojan-activity;)
alert ip any any -> 134.0.9.55 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301455; rev:1; classtype:trojan-activity;)
alert ip any any -> 192.185.73.57 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301456; rev:1; classtype:trojan-activity;)
alert ip any any -> 199.188.200.49 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301457; rev:1; classtype:trojan-activity;)
alert ip any any -> 103.8.25.98 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301458; rev:1; classtype:trojan-activity;)
alert ip any any -> 23.94.30.178 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301459; rev:1; classtype:trojan-activity;)
alert ip any any -> 43.225.55.205 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301460; rev:1; classtype:trojan-activity;)
# sid 3301461 is the only rule in this batch with a port condition: rev:2 (updated_at 2021_03_23)
# matches destination ports other than 443, so traffic to port 443 on this address never alerts.
# NOTE(review): the reason for the exclusion is not recorded here - presumably legitimate HTTPS
# is served from the same address; confirm, and confirm how the port negation is applied to
# non-TCP/UDP packets under proto `ip`.
alert ip any any -> 185.61.152.63 !443 (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2021_03_23 ;sid:3301461; rev:2; classtype:trojan-activity;)
alert ip any any -> 192.185.129.194 any (msg:"πΎ - π¨ Connection to β π C2 β Agent Tesla"; reference: url,https://any.run/malware-trends/agenttesla; reference: url,https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla; metadata:created_at 2020_09_25, updated_at 2020_09_25;sid:3301462; rev:1; classtype:trojan-activity;)