EmergingThreats> Main Web>UserDocs>AllRulesets>BotCC (2017-04-26, FrancisTrudeau) EditAttach

Known Bot Command and Control Rules

This ruleset takes a daily list (generously made available to the public!) of known CnC? Servers as researched by Shadowserver.org and Abuse.ch, and converts them into Snort/Suricata signatures and Firewall rules.

Sources include:

Shadow Server

Feodo Tracker

Zeus Tracker

Ransomware Tracker

Note, all of these organizations are fully volunteer staffed and run.

These IPs are updates every 24 hours and should be considered VERY highly reliable indications that a host is communicating with a known and active Bot or Malware command and control server.

Rules are available here:

Botnet Command and Control Server Rules (BotCC):

Sid Range info:

2404000-2404099 Shadowserver.org CnC? List — Updated Daily

2404100-2404800 Abuse.ch Zeus/Feodo/Palevo/Ransomware Tracker CnC? List — Updated Daily

Firewall Rules http://rules.emergingthreats.net/fwrules

Edit | Attach | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r7 - 2017-04-26 - FrancisTrudeau
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats