(2016-02-01, MattJonkman)
Russian Business Network
"Call these hosts what you like, we see a large amount of hostile activity from these nets, and get little to no abuse response for takedown. Do what you will with this information." - Matt Jonkman
Emerging Threats Russian Business Network (RBN) Snort Intrusion Detection Rules:
* http://rules.emergingthreats.net/blockrules/emerging-rbn.rules
* http://rules.emergingthreats.net/blockrules/emerging-rbn-BLOCK.rules
Emerging Threats Firewall Rules:
* http://rules.emergingthreats.net/fwrules/
Russian Business Network background information compiled by JamesMcQuaid:
From JamesMcQuaid:
RBN IP Block List: RussianBusinessNetworkIPs.txt
Updated 2-10-2012: IP address ranges from which the former customers of the RBN ISP, their malware marketing affiliate networks, emulators, and other organized crime groups exploit consumers. Block at will. Test for your production environment prior to utilization. In cases where a malicious domain occupies an IP address used by many domains, the IP address is not included in this list (due to false positives in Snort and Suricata). Those domains are included in the DNS Blackhole for Smoothwall at http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples
emerging-rbn-malvertisers.txt - Updated 11-18-2011.
RBN IP List Update files:
RBN_IP_List_Update_2-10-2012.txt
RBN_IP_List_Update_12-14-2011.txt
RBN_IP_List_Update_11-17-2011.txt
RBN_IP_List_Update_10-27-2011.txt
RBN_IP_List_Update_10-6-2011.txt
RBN_IP_List_Update_9-18-2011.txt
RBN_IP_List_Update_8-29-2011.txt
RBN_IP_List_Update_7-21-2011.txt
RBN_IP_List_Update_7-18-2011.txt
RBN_IP_List_Update_7-15-2011.txt
emerging-rbn-malvertising_update_7-15-2011.txt
RBN_IP_List_Update_7-13-2011.txt
RBN_IP_List_Update_7-8-2011.txt
RBN_IP_List_Update_7-6-2011.txt
RBN_IP_List_Update_7-5-2011.txt
RBN_IP_List_Update_7-3-2011.txt
RBN_IP_List_Update_6-28-2011.txt
RBN_IP_List_Update_6-21-2011.txt
RBN_IP_List_Update_6-19-2011.txt
RBN_IP_List_Update_6-14-2011.txt
RBN_IP_List_Update_6-13-2011.txt
RBN_IP_List_Update_6-11-2011.txt
RBN_IP_List_Update_6-9-2011.txt
RBN_IP_List_Update_6-6-2011.txt
RBN_IP_List_Update_6-1-2011.txt
RBN_IP_List_Update_5-27-2011.txt
RBN_IP_List_Update_5-25-2011.txt
RBN_IP_List_Update_5-22-2011.txt
RBN_IP_List_Update_5-21-2011.txt - nom de guerre Sergey Nevsky
RBN_IP_List_Update_5-20-2011.txt
RBN_IP_List_Update_5-17-2011.txt - stealth pharma
RBN_IP_List_Update_5-14-2011.txt
RBN_IP_List_Update_5-10-2011.txt
RBN_IP_List_Update_5-9-2011.txt
RBN_IP_List_Update_5-5-2011.txt - 35 new instances of Zeus
RBN_IP_List_Update_5-4-2011.txt
RBN_IP_List_Update_5-2-2011.txt
RBN_IP_List_Update_4-30-2011.txt
RBN_IP_List_Update_4-28-2011.txt - black energy
RBN_IP_List_Update_4-27-2011.txt
RBN_IP_List_Update_4-25-2011.txt - counter-intrusion
RBN_IP_List_Update_4-17-2011.txt
RBN_IP_List_Update_4-12-2011.txt - a week of Hammer Down
RBN_IP_List_Update_4-10-2011.txt
RBN_IP_List_Update_4-7-2011.txt
RBN_IP_List_Update_4-3-2011.txt
RBN_IP_List_Update_3-20-2011.txt
RBN_IP_List_Update_3-13-2011.txt
RBN_IP_List_Update_3-11-2011.txt
RBN_IP_List_Update_3-6-2011.txt - Pavel Vrublevsky/ChronoPay
RBN_IP_List_Update_3-4-2011.txt
RBN_IP_List_Update_3-2-2011.txt - caveat extrajudicial
RBN_IP_List_Update_2-22-2011.txt
RBN_IP_List_Update_2-13-2011.txt
RBN_IP_List_Update_2-6-2011.txt
RBN_IP_List_Update_2-4-2011.txt
RBN_IP_List_Update_1-29-2011.txt
RBN_IP_List_Update_1-27-2011.txt
RBN_IP_List_Update_1-24-2011.txt
RBN_IP_List_Update_1-23-2011.txt - More Glavmed to Kick
RBN_IP_List_Update_1-22-2011.txt
RBN_IP_List_Update_1-20-2011.txt
RBN_IP_List_Update_1-18-2011.txt - A backhand blow to the Koobface Gang.
RBN_IP_List_Update_1-12-2011.txt
RBN_IP_List_Update_1-2-2011.txt
RBN_IP_List_Update_12-30-2010.txt
RBN_IP_List_Update_12-29-2010.txt
RBN_IP_List_Update_12-23-2010.txt
RBN_IP_List_Update_12-22-2010.txt
RBN_IP_List_Update_12-19-2010.txt
RBN_IP_List_Update_12-14-2010.txt
RBN_IP_List_Update_12-8-2010.txt
RBN_IP_List_Update_12-6-2010.txt
RBN_IP_List_Update_12-2-2010.txt
Storm 2:
Storm_2_IP_addresses_3-12-2011.txt
278 IP addresses of hijacked residential computers.
Storm_2_domain_objects_3-11-2011.txt
1,305 Storm 2 domain objects.
Crime Centric Hosting:
http://www.jamesmcquaid.com/Heihachi-2x4.txt
List of domains associated with closely allied Russian criminal hosters Heihachi and 2x4.ru. Add these dangerous domains to your DNS black hole and blacklists.
as29073_ECATEL-AS.txt
List of domains at criminal hoster AS29073 ECATEL.
as51554_LYAHOV-AS_Lyahovich_Maksim.txt
List of domains at criminal hoster AS51554 LYAHOV.
AS6851_BKCNET.txt
List of domains at criminal hoster AS6851 BKCNET.
RBNRoutes.txt
Dedicated criminal networks (listed in RBNRoutes.txt): 772 routes favored by criminals; roughly 10% of the entries in the RBN IP List.
RBN_Observations_2nd_Quarter_2010.txt - through July 5th
RBNIdentities.txt
Registrant noms de guerre associated with malicious and infected domains (first half 2010).
From Jart Armin:
http://hostexploit.com/
http://rbnexploit.blogspot.com
From Brian Krebs:
http://krebsonsecurity.com/
http://blog.washingtonpost.com/securityfix/2007/11/russian_business_network_down.html
http://blog.washingtonpost.com/securityfix/2007/10/mapping_the_russian_business_n.html
http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_business.html
http://www.washingtonpost.com/wp-dyn/content/story/2007/10/12/ST2007101202661.html?hpid=moreheadlines
http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101201700.html?sub=new
From Spamhaus:
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7740
"The Russians Go Chinese":
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7829
http://cidr-report.org/cgi-bin/as-report?as=AS43603
http://cidr-report.org/cgi-bin/as-report?as=AS42811
http://cidr-report.org/cgi-bin/as-report?as=AS43259
http://cidr-report.org/cgi-bin/as-report?as=AS43702
http://cidr-report.org/cgi-bin/as-report?as=AS43188
http://cidr-report.org/cgi-bin/as-report?as=AS42672
http://cidr-report.org/cgi-bin/as-report?as=AS42662
From Dancho Danchev:
http://ddanchev.blogspot.com/
From David Bizeul:
http://isc.sans.org/presentations/RBN_study.pdf
From Shadowserver:
'Clarifying the "guesswork" of Criminal Activity':
http://www.shadowserver.org/wiki/uploads/Information/RBN-AS40989.pdf
Wikipedia:
http://en.wikipedia.org/wiki/Russian_Business_Network
-- JamesMcQuaid - 21 June 2010
Topic attachments
| Attachment | Size | Date | Who |
| AS6851_BKCNET.txt | 50.8 K | 2011-01-02 - 23:04 | UnknownUser |
| Emerging-frequent_malvertisers.txt | 0.3 K | 2011-07-03 - 16:23 | UnknownUser |
| RBNIPListOptional.txt | 1.5 K | 2010-04-02 - 15:43 | UnknownUser |
| RBNIdentities.txt | 82.2 K | 2009-12-13 - 19:26 | UnknownUser |
| RBNRoutes.txt | 12.5 K | 2011-05-10 - 01:01 | UnknownUser |
| RBN_IP_List_Update_1-12-2011.txt | 9.4 K | 2011-02-03 - 00:55 | UnknownUser |
| RBN_IP_List_Update_1-18-2011.txt | 67.5 K | 2011-02-03 - 00:56 | UnknownUser |
| RBN_IP_List_Update_1-2-2011.txt | 6.1 K | 2011-02-03 - 01:11 | UnknownUser |
| RBN_IP_List_Update_1-20-2011.txt | 8.6 K | 2011-01-20 - 12:26 | UnknownUser |
| RBN_IP_List_Update_1-22-2011.txt | 72.5 K | 2011-01-23 - 00:06 | UnknownUser |
| RBN_IP_List_Update_1-23-2011.txt | 21.2 K | 2011-01-23 - 18:07 | UnknownUser |
| RBN_IP_List_Update_1-24-2011.txt | 12.6 K | 2011-01-24 - 12:02 | UnknownUser |
| RBN_IP_List_Update_1-27-2011.txt | 5.1 K | 2011-01-27 - 12:24 | UnknownUser |
| RBN_IP_List_Update_1-29-2011.txt | 28.9 K | 2011-01-29 - 22:11 | UnknownUser |
| RBN_IP_List_Update_10-27-2011.txt | 2.3 K | 2011-10-27 - 12:11 | UnknownUser |
| RBN_IP_List_Update_10-6-2011.txt | 7.7 K | 2011-10-06 - 11:45 | UnknownUser |
| RBN_IP_List_Update_11-17-2011.txt | 0.3 K | 2011-11-18 - 04:07 | UnknownUser |
| RBN_IP_List_Update_12-14-2010.txt | 27.5 K | 2011-02-03 - 01:16 | UnknownUser |
| RBN_IP_List_Update_12-14-2011.txt | 15.6 K | 2011-12-14 - 12:53 | UnknownUser |
| RBN_IP_List_Update_12-19-2010.txt | 65.8 K | 2011-02-03 - 01:14 | UnknownUser |
| RBN_IP_List_Update_12-2-2010.txt | 10.3 K | 2011-02-03 - 01:15 | UnknownUser |
| RBN_IP_List_Update_12-22-2010.txt | 5.6 K | 2011-02-03 - 01:13 | UnknownUser |
| RBN_IP_List_Update_12-23-2010.txt | 5.7 K | 2011-02-03 - 01:13 | UnknownUser |
| RBN_IP_List_Update_12-29-2010.txt | 127.1 K | 2011-02-03 - 01:12 | UnknownUser |
| RBN_IP_List_Update_12-30-2010.txt | 17.4 K | 2011-02-03 - 01:12 | UnknownUser |
| RBN_IP_List_Update_12-6-2010.txt | 42.5 K | 2011-02-03 - 01:15 | UnknownUser |
| RBN_IP_List_Update_12-8-2010.txt | 9.7 K | 2011-02-03 - 01:15 | UnknownUser |
| RBN_IP_List_Update_2-10-2012.txt | 9.0 K | 2012-02-10 - 13:35 | UnknownUser |
| RBN_IP_List_Update_2-13-2011.txt | 66.8 K | 2011-02-14 - 01:23 | UnknownUser |
| RBN_IP_List_Update_2-22-2011.txt | 38.8 K | 2011-02-22 - 04:46 | UnknownUser |
| RBN_IP_List_Update_2-4-2011.txt | 21.0 K | 2011-02-04 - 10:39 | UnknownUser |
| RBN_IP_List_Update_2-6-2011.txt | 44.6 K | 2011-02-06 - 22:03 | UnknownUser |
| RBN_IP_List_Update_3-11-2011.txt | 36.8 K | 2011-03-11 - 15:40 | UnknownUser |
| RBN_IP_List_Update_3-13-2011.txt | 32.9 K | 2011-03-13 - 17:04 | UnknownUser |
| RBN_IP_List_Update_3-2-2011.txt | 16.3 K | 2011-03-03 - 03:47 | UnknownUser |
| RBN_IP_List_Update_3-20-2011.txt | 68.4 K | 2011-03-20 - 17:29 | UnknownUser |
| RBN_IP_List_Update_3-4-2011.txt | 13.4 K | 2011-03-04 - 12:56 | UnknownUser |
| RBN_IP_List_Update_3-6-2011.txt | 96.7 K | 2011-03-07 - 00:03 | UnknownUser |
| RBN_IP_List_Update_4-10-2011.txt | 121.3 K | 2011-04-11 - 03:43 | UnknownUser |
| RBN_IP_List_Update_4-12-2011.txt | 20.6 K | 2011-04-12 - 11:43 | UnknownUser |
| RBN_IP_List_Update_4-17-2011.txt | 180.4 K | 2011-04-17 - 20:30 | UnknownUser |
| RBN_IP_List_Update_4-25-2011.txt | 101.3 K | 2011-04-26 - 04:05 | UnknownUser |
| RBN_IP_List_Update_4-27-2011.txt | 8.7 K | 2011-04-27 - 11:12 | UnknownUser |
| RBN_IP_List_Update_4-28-2011.txt | 3.5 K | 2011-04-28 - 11:32 | UnknownUser |
| RBN_IP_List_Update_4-3-2011.txt | 84.4 K | 2011-04-03 - 23:08 | UnknownUser |
| RBN_IP_List_Update_4-30-2011.txt | 49.5 K | 2011-05-01 - 00:06 | UnknownUser |
| RBN_IP_List_Update_4-7-2011.txt | 31.3 K | 2011-04-07 - 12:02 | UnknownUser |
| RBN_IP_List_Update_5-10-2011.txt | 47.7 K | 2011-05-10 - 11:34 | UnknownUser |
| RBN_IP_List_Update_5-14-2011.txt | 57.4 K | 2011-05-15 - 03:13 | UnknownUser |
| RBN_IP_List_Update_5-17-2011.txt | 42.1 K | 2011-05-17 - 04:52 | UnknownUser |
| RBN_IP_List_Update_5-2-2011.txt | 6.8 K | 2011-05-02 - 11:45 | UnknownUser |
| RBN_IP_List_Update_5-20-2011.txt | 160.2 K | 2011-05-20 - 03:24 | UnknownUser |
| RBN_IP_List_Update_5-21-2011.txt | 52.1 K | 2011-05-21 - 21:01 | UnknownUser |
| RBN_IP_List_Update_5-22-2011.txt | 8.1 K | 2011-05-22 - 17:19 | UnknownUser |
| RBN_IP_List_Update_5-25-2011.txt | 34.0 K | 2011-05-25 - 14:41 | UnknownUser |
| RBN_IP_List_Update_5-27-2011.txt | 8.1 K | 2011-05-27 - 18:23 | UnknownUser |
| RBN_IP_List_Update_5-4-2011.txt | 5.2 K | 2011-05-04 - 11:40 | UnknownUser |
| RBN_IP_List_Update_5-5-2011.txt | 33.9 K | 2011-05-06 - 03:59 | UnknownUser |
| RBN_IP_List_Update_5-9-2011.txt | 54.2 K | 2011-05-09 - 11:00 | UnknownUser |
| RBN_IP_List_Update_6-1-2011.txt | 35.0 K | 2011-06-01 - 04:07 | UnknownUser |
| RBN_IP_List_Update_6-11-2011.txt | 24.5 K | 2011-06-12 - 03:45 | UnknownUser |
| RBN_IP_List_Update_6-13-2011.txt | 6.3 K | 2011-06-13 - 16:00 | UnknownUser |
| RBN_IP_List_Update_6-14-2011.txt | 18.0 K | 2011-06-14 - 11:52 | UnknownUser |
| RBN_IP_List_Update_6-19-2011.txt | 57.9 K | 2011-06-19 - 20:25 | UnknownUser |
| RBN_IP_List_Update_6-21-2011.txt | 18.1 K | 2011-06-21 - 18:23 | UnknownUser |
| RBN_IP_List_Update_6-28-2011.txt | 40.5 K | 2011-06-28 - 14:20 | UnknownUser |
| RBN_IP_List_Update_6-6-2011.txt | 11.9 K | 2011-06-06 - 04:40 | UnknownUser |
| RBN_IP_List_Update_6-9-2011.txt | 14.2 K | 2011-06-09 - 11:24 | UnknownUser |
| RBN_IP_List_Update_7-13-2011.txt | 6.3 K | 2011-07-13 - 11:34 | UnknownUser |
| RBN_IP_List_Update_7-15-2011.txt | 47.3 K | 2011-07-15 - 04:27 | UnknownUser |
| RBN_IP_List_Update_7-18-2011.txt | 28.3 K | 2011-07-18 - 13:15 | UnknownUser |
| RBN_IP_List_Update_7-21-2011.txt | 22.5 K | 2011-07-21 - 11:37 | UnknownUser |
| RBN_IP_List_Update_7-3-2011.txt | 447.9 K | 2011-07-03 - 16:22 | UnknownUser |
| RBN_IP_List_Update_7-5-2011.txt | 12.2 K | 2011-07-05 - 10:36 | UnknownUser |
| RBN_IP_List_Update_7-6-2011.txt | 17.5 K | 2011-07-06 - 11:06 | UnknownUser |
| RBN_IP_List_Update_7-8-2011.txt | 8.8 K | 2011-07-08 - 11:52 | UnknownUser |
| RBN_IP_List_Update_8-29-2011.txt | 0.2 K | 2011-08-29 - 11:05 | UnknownUser |
| RBN_IP_List_Update_9-18-2011.txt | 1.2 K | 2011-09-18 - 19:22 | UnknownUser |
| RBN_Observations_2nd_Quarter_2010.txt | 1121.9 K | 2010-07-06 - 01:20 | UnknownUser |
| Storm_2_IP_addresses_3-12-2011.txt | 4.2 K | 2011-03-13 - 01:34 | UnknownUser |
| Storm_2_domain_objects_3-11-2011.txt | 41.1 K | 2011-03-13 - 01:34 | UnknownUser |
| as29073_ECATEL-AS.txt | 190.1 K | 2011-01-02 - 23:04 | UnknownUser |
| as51554_LYAHOV-AS_Lyahovich_Maksim.txt | 82.6 K | 2011-01-02 - 23:04 | UnknownUser |
| emerging-rbn-malvertisers.txt | 0.6 K | 2011-11-18 - 10:37 | UnknownUser |
| emerging-rbn-malvertising_update_7-15-2011.txt | 8.2 K | 2011-07-15 - 04:28 | UnknownUser |
| hounds_to_the_hunters.txt | 90.6 K | 2011-01-25 - 11:45 | UnknownUser |
| includes_skynet.txt | 93.3 K | 2011-01-25 - 11:45 | UnknownUser |
Topic revision: r284 - 2016-02-01 - MattJonkman
Copyright © Emerging Threats