misp-circl-feed/feeds/circl/misp/5deea6f2-568c-4fe3-a457-0d230a0a019b.json

{
"Event": {
"analysis": "0",
"date": "2019-12-09",
"extends_uuid": "",
"info": "Tracking Powershell Empire C2 via Urlscan",
"publish_timestamp": "1589181499",
"published": true,
"threat_level_id": "2",
"timestamp": "1588338859",
"uuid": "5deea6f2-568c-4fe3-a457-0d230a0a019b",
"Orgc": {
"name": "Hestat",
"uuid": "5cb1fe4f-5ebc-4dc2-b79f-4374b49abff9"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:mitre-tool=\"Empire - S0363\""
},
{
"colour": "#009922",
"name": "Threat Source:OSINT"
},
{
"colour": "#ff8a00",
"name": "Source:Urlscan.io"
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#0087e8",
"name": "osint:certainty=\"50\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-28ec-432c-89fb-e25974656a8a",
"value": "194.99.22.145"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-01ac-44d8-bad9-e25974656a8a",
"value": "https://194.99.22.145",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-34e8-48d9-9a36-e25974656a8a",
"value": "https://194.99.22.145/",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-12e8-4045-9f5d-e25974656a8a",
"value": "81.150.206.83"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-ddc4-4a4b-919e-e25974656a8a",
"value": "http://81.150.206.83:443/",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-c760-439a-ad7c-e25974656a8a",
"value": "167.172.197.56"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-ad54-4525-97ec-e25974656a8a",
"value": "http://167.172.197.56",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-963c-4d8e-8ba5-e25974656a8a",
"value": "88.150.137.138"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-2a60-40e8-b7bc-e25974656a8a",
"value": "https://msofficeadvices.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-c554-4293-a9ca-e25974656a8a",
"value": "188.166.19.143"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-fa94-4df0-ac46-e25974656a8a",
"value": "https://188.166.19.143",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-6620-47d5-9114-e25974656a8a",
"value": "45.67.231.104"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-21a4-4b94-aa08-e25974656a8a",
"value": "http://45.67.231.104",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-52fc-4a89-b42d-e25974656a8a",
"value": "34.65.152.49"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-68bc-41b0-8b00-e25974656a8a",
"value": "https://updates.esiotrot.xyz",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-2ae4-4385-86eb-e25974656a8a",
"value": "139.180.209.145"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-2dc0-40c8-9e77-e25974656a8a",
"value": "https://healthcare-registration.xyz",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-a170-4bfa-b839-e25974656a8a",
"value": "https://139.180.209.145/",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-7440-447a-8c99-e25974656a8a",
"value": "18.222.125.41"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-069c-4a87-8da4-e25974656a8a",
"value": "https://test.safedatasystems.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-c4b8-4e11-bc0b-e25974656a8a",
"value": "13.58.172.43"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-7c94-4580-810f-e25974656a8a",
"value": "https://drivesecure.safedatasystems.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-0e28-4f99-b6a6-e25974656a8a",
"value": "194.36.190.54"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-a854-49d7-a119-e25974656a8a",
"value": "https://194.36.190.54:443",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-9870-4ff9-90bf-e25974656a8a",
"value": "45.33.104.234"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-63d4-47cd-bdf8-e25974656a8a",
"value": "http://iot-config-engine.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-d6d4-4532-bbe1-e25974656a8a",
"value": "198.46.227.15"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-3240-4cce-838e-e25974656a8a",
"value": "https://red.csirt.fun/",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-9a2c-4ca6-b204-e25974656a8a",
"value": "185.227.68.86"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-f744-4b24-815e-e25974656a8a",
"value": "https://socialpolicies.org/",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-cbe4-44bb-81d1-e25974656a8a",
"value": "123.116.96.233"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-4e60-4cdf-8b40-e25974656a8a",
"value": "http://noteyi.com:8886/",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-479c-4874-963d-e25974656a8a",
"value": "167.71.191.55"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-0cc0-436c-8379-e25974656a8a",
"value": "https://lifeinsurancecoveragequotes.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-5110-4e84-a9a7-e25974656a8a",
"value": "https://socialpolicies.org",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-0c0c-470d-9ce6-e25974656a8a",
"value": "62.210.27.123"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-d964-498c-a1d3-e25974656a8a",
"value": "http://62.210.27.123",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-877c-42a1-a72b-e25974656a8a",
"value": "45.32.150.52"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-78e8-41b3-b153-e25974656a8a",
"value": "http://nbk-trainings.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-85ec-4921-803e-e25974656a8a",
"value": "77.81.110.76"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-b238-4e68-bc0c-e25974656a8a",
"value": "http://venusidea.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-1f9c-4b16-ba3e-e25974656a8a",
"value": "52.37.173.22"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-5dfc-4930-a726-e25974656a8a",
"value": "https://airwatch.aeratechnolgy.com/",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541879",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb7-bad4-4c62-ba90-e25974656a8a",
"value": "185.216.35.182"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb7-7954-42f7-bd57-e25974656a8a",
"value": "https://functiondiscovery.net",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-3bfc-4e9c-a1b6-e25974656a8a",
"value": "207.148.85.242"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-fb8c-495e-844a-e25974656a8a",
"value": "http://207.148.85.242",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-782c-492a-a4ef-e25974656a8a",
"value": "142.93.137.2"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-cfb0-4eae-af95-e25974656a8a",
"value": "http://142.93.137.2",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-cf8c-4305-b802-e25974656a8a",
"value": "68.235.34.235"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-4fa8-45bf-bcf8-e25974656a8a",
"value": "http://google-settingsapi.fbapp.link",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-1c84-4079-b4a3-e25974656a8a",
"value": "104.167.109.246"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-79e4-41af-985d-e25974656a8a",
"value": "http://104.167.109.246",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-95e4-49a9-9253-e25974656a8a",
"value": "83.212.74.22"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-c548-4186-abb7-e25974656a8a",
"value": "http://83.212.74.22",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-4160-4a11-9c0d-e25974656a8a",
"value": "52.15.49.41"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-0f80-4f67-a82d-e25974656a8a",
"value": "http://ur.owned.fyi",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-c630-4f92-9eb6-e25974656a8a",
"value": "34.195.166.4"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-3a9c-4bd1-a80f-e25974656a8a",
"value": "http://emp.fourhorsemen.tech:8080",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-76e4-434d-8baa-e25974656a8a",
"value": "84.16.242.231"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-8e34-486f-b581-e25974656a8a",
"value": "https://endpointreserve.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-5c14-4952-93e4-e25974656a8a",
"value": "157.230.26.0"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-ddec-4516-a8e7-e25974656a8a",
"value": "http://157.230.26.0",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-57d0-4be6-a206-e25974656a8a",
"value": "195.201.23.134"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-964c-49c1-a9d2-e25974656a8a",
"value": "http://check.wittmann-it-security.org/",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-f144-4510-bbb7-e25974656a8a",
"value": "2606:4700:30::6812:3594"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-34b8-436d-8a0a-e25974656a8a",
"value": "http://msdn.cloud",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-b58c-46ed-b06c-e25974656a8a",
"value": "167.99.60.195"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-c824-462f-b356-e25974656a8a",
"value": "http://167.99.60.195:80",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-87ec-499f-af6d-e25974656a8a",
"value": "157.230.231.108"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-a450-4a31-af69-e25974656a8a",
"value": "https://perksatwork.tk",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-a454-4c89-90d4-e25974656a8a",
"value": "18.225.11.235"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-d28c-48c4-adba-e25974656a8a",
"value": "https://fcbankfs01.departments.it.fisrv.help",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-5378-44f6-ab08-e25974656a8a",
"value": "64.231.208.45"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-23b0-4477-904f-e25974656a8a",
"value": "https://64.231.208.45",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-7168-4dad-ad2c-e25974656a8a",
"value": "185.117.75.116"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-7788-4c53-a223-e25974656a8a",
"value": "http://185.117.75.116",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-7060-465c-86b1-e25974656a8a",
"value": "185.245.84.106"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-d184-468d-b623-e25974656a8a",
"value": "https://officestorage.org/",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-be1c-449c-a9b2-e25974656a8a",
"value": "5.226.139.30"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-9ef4-42c5-92b0-e25974656a8a",
"value": "https://5.226.139.30",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-5aec-46ee-ad66-e25974656a8a",
"value": "172.104.189.160"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-0368-40f7-860b-e25974656a8a",
"value": "http://172.104.189.160",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-b208-4d61-a7ec-e25974656a8a",
"value": "185.244.149.72"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-8ec0-483c-b908-e25974656a8a",
"value": "http://185.244.149.72",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-dd00-4d74-8a69-e25974656a8a",
"value": "45.76.81.45"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-de0c-47bb-99a3-e25974656a8a",
"value": "http://45.76.81.45",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-6944-4ef7-ad17-e25974656a8a",
"value": "51.144.106.161"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-7540-4f27-ab4f-e25974656a8a",
"value": "http://pladderballe.westeurope.cloudapp.azure.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-f824-4292-86bc-e25974656a8a",
"value": "http://localarea-search.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-a95c-4f5c-955c-e25974656a8a",
"value": "142.4.212.73"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-1ee4-4951-95a6-e25974656a8a",
"value": "http://142.4.212.73",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-7060-4d25-bbd9-e25974656a8a",
"value": "178.128.104.195"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541984",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-9ca4-4824-b05d-e25974656a8a",
"value": "http://zfsociety.duckdns.org",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-4abc-4db9-8948-e25974656a8a",
"value": "213.215.18.19"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-caa0-44ed-ad86-e25974656a8a",
"value": "http://timbaud.fr",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-dd54-4118-af3b-e25974656a8a",
"value": "http://stade-rennais.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-9fb4-4c26-8770-e25974656a8a",
"value": "199.247.14.183"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-e788-494d-98f3-e25974656a8a",
"value": "http://safeserverltd.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-bb7c-4c05-89f2-e25974656a8a",
"value": "http://offrespartenaires.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-2360-4e79-9484-e25974656a8a",
"value": "195.30.125.135"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-030c-4185-b522-e25974656a8a",
"value": "http://upload.secure-portal.de",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-3de0-4705-a2c2-e25974656a8a",
"value": "104.250.97.147"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-ce80-4423-a918-e25974656a8a",
"value": "http://update.missoulahealthcare.xyz",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-0020-4e85-8f87-e25974656a8a",
"value": "2606:4700:30::6818:6720"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-99e8-4901-b250-e25974656a8a",
"value": "http://ticketsmasters.win",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-1ab4-4422-98ba-e25974656a8a",
"value": "http://testb.nsd.li",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541983",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-53bc-442b-9ac3-e25974656a8a",
"value": "http://survey.fiduciaqad.de",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-64bc-45c9-9a68-e25974656a8a",
"value": "23.105.219.17"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-7e70-4b2b-9a5c-e25974656a8a",
"value": "http://sssvr.club",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-3f88-4de0-bf7e-e25974656a8a",
"value": "http://ptir.g-statics.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-8b2c-497a-8cc9-e25974656a8a",
"value": "http://privedsales.ignorelist.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-9070-44b3-9a41-e25974656a8a",
"value": "198.100.147.70"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-b27c-434a-a036-e25974656a8a",
"value": "http://ns503220.ip-198-100-147.net",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-4278-4738-b119-e25974656a8a",
"value": "http://ns2.pentest.fr",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-f564-4a4b-b9ae-e25974656a8a",
"value": "146.185.253.140"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-50ec-458b-8741-e25974656a8a",
"value": "http://mediareleasedtoday.net",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-5de8-479e-bc8b-e25974656a8a",
"value": "http://mail.geschenk-mit-herz.org",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-a4c4-4335-8e5c-e25974656a8a",
"value": "23.100.18.249"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-ae28-4207-9043-e25974656a8a",
"value": "http://magicum.eastus.cloudapp.azure.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-8964-49e5-8c8b-e25974656a8a",
"value": "http://m.stade-rennais.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-39f8-4181-a5b6-e25974656a8a",
"value": "http://kasperskylab.ignorelist.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-5b68-4822-9bf8-e25974656a8a",
"value": "23.254.164.197"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-f848-4842-8814-e25974656a8a",
"value": "http://hwsrv-298769.hostwindsdns.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-5424-49ca-8b38-e25974656a8a",
"value": "47.244.13.123"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-49b8-4653-b855-e25974656a8a",
"value": "http://hk.0-9.club",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-0a2c-42a4-96d8-e25974656a8a",
"value": "87.213.173.189"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-f18c-45ad-af6d-e25974656a8a",
"value": "http://gipsy.sarlaith.org",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-896c-4675-b339-e25974656a8a",
"value": "http://geschenk-mit-herz.org",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-096c-4847-8b3a-e25974656a8a",
"value": "104.244.72.144"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-aaa0-417f-86f1-e25974656a8a",
"value": "http://frezer.mooo.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-cf28-4963-ae56-e25974656a8a",
"value": "http://files.missoulahealthcare.xyz",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-ad50-416a-8e69-e25974656a8a",
"value": "http://fiduciaqad.de",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-81a0-454e-98d4-e25974656a8a",
"value": "http://fax.fiduciaqad.de",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-9650-4783-88f8-e25974656a8a",
"value": "13.89.241.234"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-55d8-467f-a767-e25974656a8a",
"value": "http://executivejewishdating.com",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-7fe8-4a20-b9d4-e25974656a8a",
"value": "217.182.38.136"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-bec8-4266-9038-e25974656a8a",
"value": "http://cylog.club",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-2670-463a-9ece-e25974656a8a",
"value": "http://calcon.secure-portal.de",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb8-e68c-4553-916b-e25974656a8a",
"value": "http://bw-spieibanken.de",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541880",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb8-9378-4b37-aff9-e25974656a8a",
"value": "87.213.175.189"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-6540-417f-a732-e25974656a8a",
"value": "http://backlash.sarlaith.org",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-8b50-4a32-a064-e25974656a8a",
"value": "http://amazon.secure-portal.de",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-a5bc-40d1-bc07-e25974656a8a",
"value": "2606:4700:30::6818:6620"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-808c-4913-a68d-e25974656a8a",
"value": "94.140.116.216"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-3674-47d1-8eeb-e25974656a8a",
"value": "http://94.140.116.216:443/admin",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-ced4-4574-9f4b-e25974656a8a",
"value": "23.82.185.140"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-4408-49ea-af02-e25974656a8a",
"value": "http://23.82.185.140:443/news.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-b640-4bdf-b242-e25974656a8a",
"value": "45.147.228.91"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-3b90-407e-a6a3-e25974656a8a",
"value": "http://45.147.228.91:443/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-a7f8-4ef6-b0fb-e25974656a8a",
"value": "45.76.21.239"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-8a20-4bb1-b9b3-e25974656a8a",
"value": "http://45.76.21.239:443/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-e648-455f-856f-e25974656a8a",
"value": "http://45.76.21.239:443/admin/get.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-1e38-4b2f-b993-e25974656a8a",
"value": "http://45.76.21.239:443/news.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-8d24-4faa-ade0-e25974656a8a",
"value": "176.121.14.143"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-a620-412b-9754-e25974656a8a",
"value": "http://176.121.14.143:9050/admin/get.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-3a70-4cb7-bb18-e25974656a8a",
"value": "212.114.52.151"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541956",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-d090-4b91-b395-e25974656a8a",
"value": "http://212.114.52.151:443/news.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-7034-4d81-b4f1-e25974656a8a",
"value": "45.147.228.89"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-8cfc-4f04-ba72-e25974656a8a",
"value": "http://45.147.228.89:443/admin/get.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-246c-4e51-99d9-e25974656a8a",
"value": "81.22.45.235"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-22e0-4f1e-8d1e-e25974656a8a",
"value": "http://81.22.45.235:80",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-8a08-4e30-abe3-e25974656a8a",
"value": "http://81.22.45.235:8080",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-bf1c-445a-82e5-e25974656a8a",
"value": "45.147.228.95"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-9a58-4060-b490-e25974656a8a",
"value": "http://45.147.228.95:443/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-5ac4-4df4-ac44-e25974656a8a",
"value": "45.76.27.238"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541956",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-db70-4a10-987f-e25974656a8a",
"value": "http://45.76.27.238:443/admin/get.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-32f4-41b6-a331-e25974656a8a",
"value": "66.42.70.193"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541956",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-ea64-4cc9-9eed-e25974656a8a",
"value": "http://66.42.70.193:443/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-66bc-45bf-a42e-e25974656a8a",
"value": "176.121.14.159"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-26a0-42aa-8730-e25974656a8a",
"value": "http://176.121.14.159:443/admin/get.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-43a0-4e41-8790-e25974656a8a",
"value": "45.77.64.186"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-2970-45b1-85a6-e25974656a8a",
"value": "http://45.77.64.186:443/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-432c-4322-b3f9-e25974656a8a",
"value": "91.235.129.170"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-118c-4bd6-a81c-e25974656a8a",
"value": "https://91.235.129.170/news.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-03dc-4c24-9c81-e25974656a8a",
"value": "195.123.212.217"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-bd48-4ffe-bd19-e25974656a8a",
"value": "http://195.123.212.217/news.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-1be8-402d-87ed-e25974656a8a",
"value": "http://195.123.212.217/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-ada0-427c-81f2-e25974656a8a",
"value": "109.94.110.136"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-17a4-4d42-9ed9-e25974656a8a",
"value": "https://109.94.110.136:443/admin/get.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-0398-4cc3-b1bd-e25974656a8a",
"value": "192.243.103.89"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-3514-49bc-aeb9-e25974656a8a",
"value": "https://192.243.103.89:443/news.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-d30c-4a9b-a90c-e25974656a8a",
"value": "194.36.189.9"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-b5d8-4d73-959e-e25974656a8a",
"value": "https://194.36.189.9/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-7d94-4944-973a-e25974656a8a",
"value": "185.16.41.219"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-b314-4d1a-ac14-e25974656a8a",
"value": "https://185.16.41.219:80/admin/get.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-0e4c-490a-8a91-e25974656a8a",
"value": "https://185.16.41.219/news.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-d0b4-4afe-a585-e25974656a8a",
"value": "216.189.154.85"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-4178-4093-8ea0-e25974656a8a",
"value": "https://216.189.154.85:443/news.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-9d00-4b83-919b-e25974656a8a",
"value": "185.25.51.48"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541958",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-62c0-4285-9903-e25974656a8a",
"value": "http://185.25.51.48",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-7310-4255-8750-e25974656a8a",
"value": "http://185.25.51.48/4ehkbatOFTTUYZV",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-ff2c-480a-92e0-e25974656a8a",
"value": "5.188.231.109"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-5dd4-44ea-a8f1-e25974656a8a",
"value": "https://5.188.231.109:443/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-4938-407e-b19c-e25974656a8a",
"value": "162.244.32.42"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-61d0-49c9-93ea-e25974656a8a",
"value": "https://162.244.32.42/news.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-315c-40f8-afd6-e25974656a8a",
"value": "162.247.155.105"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-166c-4d73-bfc9-e25974656a8a",
"value": "http://162.247.155.105:443/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-f300-49a8-8039-e25974656a8a",
"value": "65.111.247.100"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-b054-4219-bbb2-e25974656a8a",
"value": "http://65.111.247.100:4444/file.ps1",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-6bd8-4cae-b421-e25974656a8a",
"value": "35.158.75.78"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-6ef4-4a52-881e-e25974656a8a",
"value": "http://35.158.75.78/index.html",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-efbc-4493-85af-e25974656a8a",
"value": "77.244.219.111"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-8a4c-412b-b6a5-e25974656a8a",
"value": "http://77.244.219.111:8080/admin/get.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-7554-4c5d-9290-e25974656a8a",
"value": "46.166.185.117"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541957",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-bee4-4803-a7fe-e25974656a8a",
"value": "http://46.166.185.117:8080/admin/get.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541881",
"to_ids": true,
"type": "ip-dst",
"uuid": "5df81eb9-c258-4c51-ab59-e25974656a8a",
"value": "40.126.251.3"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576541956",
"to_ids": true,
"type": "url",
"uuid": "5df81eb9-abac-4350-9195-e25974656a8a",
"value": "https://40.126.251.3/login/process.php",
"Tag": [
{
"colour": "#10e874",
"name": "Powershell Empire"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Artifacts dropped",
"comment": "Hashes of Powershell Empire C2 masquerade page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576542108",
"to_ids": false,
"type": "sha256",
"uuid": "5df81f9c-e444-4b18-b8d4-986e0a0a019b",
"value": "b8c892fbb49921529be6f6ce17685c31724f76959111b28f39e39dc299b8acaf"
},
{
"category": "Artifacts dropped",
"comment": "Hashes of Powershell Empire C2 masquerade page",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576542108",
"to_ids": false,
"type": "sha256",
"uuid": "5df81f9c-db88-4915-bd59-986e0a0a019b",
"value": "a58fb107072d9523114a1b1f17fbf5e7a8b96da7783f24d84f83df34abc48576"
},
{
"category": "Support Tool",
"comment": "URLscan search for older Empire C2 hash",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576542154",
"to_ids": false,
"type": "link",
"uuid": "5df81fca-fb1c-449f-ad16-986e0a0a019b",
"value": "https://urlscan.io/search/#hash%3Aa58fb107072d9523114a1b1f17fbf5e7a8b96da7783f24d84f83df34abc48576"
},
{
"category": "Support Tool",
"comment": "URLscan search for current Empire C2 hash",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576542243",
"to_ids": false,
"type": "link",
"uuid": "5df82023-b000-4d18-bd6a-deda0a0a019b",
"value": "https://urlscan.io/search/#hash%3Ab8c892fbb49921529be6f6ce17685c31724f76959111b28f39e39dc299b8acaf%20"
},
{
"category": "External analysis",
"comment": "Original CSV with downloaded data from Urlscan searches",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1576542289",
"to_ids": false,
"type": "attachment",
"uuid": "5df82051-a630-4a54-bcc5-de9c0a0a019b",
"value": "empire.csv"
},
{
"category": "External analysis",
"comment": "Source of the MISP event",
"deleted": false,
"disable_correlation": false,
"timestamp": "1576589519",
"to_ids": false,
"type": "link",
"uuid": "5df8d8cf-a4a0-4391-9f86-4a11950d210f",
"value": "https://github.com/Hestat/intel-sharing/blob/master/powershell-empire-12-16-19/misp.event.7941.json"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588338859",
"to_ids": true,
"type": "url",
"uuid": "5e2f32e8-68cc-423d-b58e-4a90950d210f",
"value": "https://officestorage.org:443"
}
]
}
}