{ "Event": { "analysis": "0", "date": "2020-12-10", "extends_uuid": "", "info": "OSINT - CobaltStrike C2s Dec2020_10", "publish_timestamp": "1607605109", "published": true, "threat_level_id": "2", "timestamp": "1607605096", "uuid": "1c4e9e86-eff3-485f-aa1d-1bff68101b14", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:rat=\"Cobalt Strike\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "6247385e-d35b-4fd3-8c5c-baf2f84ec1ec", "value": "192.119.111.117/cx" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "b20a564e-edea-438a-ab8c-49ebf6ea252b", "value": "192.119.111.117/match" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "d0baa683-497c-4b4c-a242-6b748b594795", "value": "192.119.111.117/cm" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "ad01ab3e-05cd-410f-ae6d-ad431b7c5391", "value": "http://scripts.completelyinnocuousdomain.com/updates.rss" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "8c1cafb0-fabb-4e33-938e-a2fa092451d2", "value": "scripts.completelyinnocuousdomain.com/ptj" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "69a13af3-13ad-4574-a97a-ec8ba5a8b385", "value": "3.133.100.221/dot.gif" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "4ffa4e15-92de-43e4-912d-4cbd9b810095", "value": "3.133.100.221/cx" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "be0bc9b5-cb43-4e88-94a7-23fb0303cbc7", "value": "129.226.15.142/pixel.gif" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "42401926-71f9-4437-ab0c-642bf968f444", "value": "lsass.services/idle/1376547834/1" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "1c801a83-ee84-4df1-9378-01c049e57b34", "value": "cs.yourintrinsichealth.com/dot.gif" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "b1e56d27-b249-4ec4-98cc-04c5928c67dc", "value": "scripts.chickensdone.com/cx" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "02ba5d76-f74d-4f06-9c12-0a047bcfff99", "value": "167.179.78.159/cm" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "e779c3e6-fa4d-4e04-bb1c-708c6b3f1294", "value": "167.179.78.159/push" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "9f957714-0da4-4ac1-88d0-3a20431c2fa4", "value": "lsass.cloud/pixel" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "a8be673c-93d2-4a54-b7e9-2463b5d326e4", "value": "mesteratosr.me/api" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "98df11a4-30bf-4239-bfd5-7a2eeb29c303", "value": "185.162.235.111/pixel.gif" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "93a70769-7a52-4887-ab34-0071cf841d73", "value": "185.162.235.111/en_US/all.js" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "978f68ff-525b-4f56-8140-bc43570aeab5", "value": "185.162.235.111/j.ad" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "3684c1ca-584c-426a-9d9e-681f90867371", "value": "172.19.178.93/ga.js" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "73858011-cfeb-4bcf-b858-99e669fa33a8", "value": "172.19.178.93/ca" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "128a4de7-f58e-4911-af65-d1e85013a1fc", "value": "servupdates.com/ga.js" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "3e59ec67-eade-4f38-ba38-c6e47a8104dd", "value": "servupdates.com/ptj" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "225a6ce9-329e-49b6-9d73-05a114c25683", "value": "servupdates.com/ca" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "122f14c6-4f21-4998-b1fc-2cca227b0139", "value": "142.202.205.57/updates.rss" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "f60c090a-e650-4daa-925d-cf45d512a681", "value": "108.166.207.133/cm" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "108854c1-afe8-4b20-a15c-018244cd6c2b", "value": "108.166.207.133/pixel" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "cf648da5-93c9-46bb-8e2a-73d4fa736766", "value": "3.137.217.140/dot.gif" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "1be8eb51-2893-485e-821e-1ef77298bede", "value": "www.mssql.tk/cx" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "eb05844b-0223-4423-bb66-e745e3778486", "value": "www.mssql.tk/IE9CompatViewList.xml" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "eef1e52e-bae9-4514-8354-abdb52f49437", "value": "42.192.145.157/ga.js" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "584a5077-c2b3-497e-9041-861d8dbe3ce0", "value": "42.192.145.157/cm" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "80c68e30-fbd9-4da3-9064-af5f11e90cbf", "value": "42.192.145.157/IE9CompatViewList.xml" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "d5408b0b-5aad-4eb4-87e0-088a789f8ef3", "value": "42.192.145.157/push" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "9fc947ff-abfb-4805-a802-97e22cf42914", "value": "162.241.127.180/j.ad" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "506ebc8e-2a5b-4729-9edf-81ca17329e2d", "value": "104.247.196.106/cx" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "025a2340-dc3e-47c2-96a0-f91be7bb18f7", "value": "103.117.72.60/ptj" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "3d346534-20c4-4377-b515-31aa5e5953d4", "value": "outlook-1.azureedge.net/static/css/main.d22d3525.chunk.css" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "69cf018a-1a8b-4ace-8d30-f83f6671dede", "value": "a93.xyz/IE9CompatViewList.xml" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "f3c7a756-4072-433f-8bbb-cc0c4d21d0c4", "value": "167.179.66.246/ptj" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "8bc9ac2a-9cae-4631-890a-31d9a4ffa146", "value": "http://daiwa-cm-us.azureedge.net//ro13.64.101.24/ro" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "81338ccc-1ddd-4d43-9ca3-5e3dce1ae129", "value": "145.249.106.134/ga.js" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "f184ef82-f674-4f55-9fde-d8e5195a64ed", "value": "145.249.106.134/dpixel" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "79dcb2ef-3723-4f6d-ade1-c9ffacba4d02", "value": "145.249.106.134/cm" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "173b3b9b-6104-420e-863e-598af599efa1", "value": "218.253.251.89/fwlink" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "7c960e90-cca3-4754-9d8c-143663179c94", "value": "194.5.249.55/dot.gif" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "cc5866e9-81ec-4956-8f4c-960ea859922a", "value": "194.5.249.55/dpixel" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "9e4faf9e-822e-490c-aef6-70dc04411672", "value": "194.5.249.55/cx" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604942", "to_ids": true, "type": "url", "uuid": "c5eb6907-322e-4b32-97a7-293a539fa05d", "value": "47.104.91.8/en_US/all.js" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604943", "to_ids": true, "type": "url", "uuid": "d79eb25d-b726-4719-8a54-56ac4396af3f", "value": "47.104.91.8/fwlink" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604943", "to_ids": true, "type": "url", "uuid": "143ec3b0-0af1-40cb-8d2c-2bde6222fdcb", "value": "45.141.84.32/dpixel" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604943", "to_ids": true, "type": "url", "uuid": "1f657410-e8c8-4277-9ed2-83fb8ae04fa5", "value": "45.141.84.32/visit.js" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604943", "to_ids": true, "type": "url", "uuid": "e09b1e5d-1425-487b-a2e5-960caf80b04d", "value": "45.141.84.32/IE9CompatViewList.xml" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "e4f21093-84dd-4862-b37b-3bc5ee18ea94", "value": "66.228.39.123" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "e3e1e26c-ef1e-42cd-a606-7ee75b457c6e", "value": "54.226.33.66" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "72afbb14-4393-420c-a9fe-16144bbd7a7c", "value": "175.24.246.200" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "30ab8781-7225-49f6-bfc6-fd485b6be520", "value": "52.15.240.204" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "fe02ce66-8a8d-4fe8-bb14-e077e5d36e75", "value": "3.133.160.202" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "70c162fc-fe93-49c4-89d1-4b2d446324ee", "value": "47.91.237.42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "40646ad7-a147-4a8e-9d09-4f1af05ad3f3", "value": "167.179.78.159" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "b41a562d-45d4-4285-8371-cf047076be53", "value": "62.57.104.87" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "657e7f54-66b8-4e2c-8ef8-1f82e57e9253", "value": "116.63.189.240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "a9f14d6c-a626-46fd-ba44-ba0228730252", "value": "139.155.49.43" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "b22becbc-b286-4fae-b81c-4f3dafffaa3d", "value": "45.33.77.77" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "78b2ee8c-b1ae-44c8-b06c-d51a1a6c6a7b", "value": "193.168.147.249" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "0d4a81e8-f801-4cfc-a1cd-d146a13ec0ca", "value": "154.209.86.57" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "d9ba3e0d-6751-4b95-b9c7-c594bb35bf5c", "value": "185.207.154.19" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "1c17a6bc-fbda-4b03-a44c-4dd76c76278b", "value": "185.162.235.111" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "54b7f0a7-b3c1-471a-a51f-59a4d3f872c4", "value": "122.51.197.5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "210882c2-52d3-4c16-86db-f0f2a7d016cd", "value": "193.34.166.73" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "d3492ba3-6d21-4875-abcf-599d971630bf", "value": "152.32.253.210" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "ca8eaa5a-1cb0-4f76-bacc-009f34c28910", "value": "185.181.102.197" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "8bb0385f-29c8-47a1-8e64-9a3d7654c8d8", "value": "142.202.205.57" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "512dc9e4-39fd-483a-9c37-33732ff2fc2f", "value": "108.166.207.133" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "90fed0f9-30c3-405a-b140-5ae7b3bc0d00", "value": "3.137.217.140" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "513f4f23-5529-48e1-9dcb-92dedb518186", "value": "121.4.69.24" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "b3e64d81-deb3-4dc7-86fd-0f3beddaf946", "value": "39.96.9.238" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "ea1d9320-f2fb-4ff3-b6d1-f867dc2e7528", "value": "148.70.139.64" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "e5aecfb6-27a9-41c1-89d4-7cfbb86518b9", "value": "47.101.43.224" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "6a5a355d-2a5e-4ff2-b82a-a4638e7bf7f0", "value": "47.97.65.242" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "41fa73c2-4463-484a-ac6d-36c087791fd0", "value": "42.192.145.157" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "75029c0f-1302-4c59-a432-e841aaf98461", "value": "162.241.127.180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "c4a58643-4056-423c-8b11-337ea18de2e9", "value": "104.247.196.106" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "9aff7ff2-2369-4b1b-bb20-2570b986e4f9", "value": "146.185.132.43" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "13fd34df-5fcb-4b01-becf-6d708e8a903f", "value": "103.117.72.60" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "a9af5349-77e8-4d0c-88b9-76278bb1634c", "value": "185.189.183.173" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "a82a85b1-ec4c-4ec4-acdd-004df0f50a4d", "value": "167.99.200.45" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604988", "to_ids": true, "type": "ip-src", "uuid": "a08f04a8-b081-4865-a37a-1a27c07ea796", "value": "167.179.66.246" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "c8c5683e-82ae-49dc-b1a2-d1c1c18e6fbc", "value": "139.180.199.171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "1fdeacac-2de6-45f7-80ab-d937cf50d05d", "value": "13.64.101.24" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "27fbefcc-37e4-4d1a-9cce-e93eb60cc969", "value": "202.182.125.249" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "3719f638-8a32-410f-a088-2ba92f75f901", "value": "106.14.94.149" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "6bb8f113-d066-4070-b65a-43197b5b41d1", "value": "60.12.215.101" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "ad15f4bb-8a55-4f57-ba0f-267060080e55", "value": "145.249.106.134" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "1a3119e1-ae80-405c-911d-b3f2aefadef9", "value": "193.187.118.232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "f9884dcf-4510-4307-8f71-a72d3297f376", "value": "218.253.251.89" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "47b12b84-eeaa-4aa5-8cf7-afb439266806", "value": "194.5.249.55" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "2a24f995-126a-4713-9f6b-157225f2c83d", "value": "47.104.91.8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "fc3b66b0-c894-4974-9e4c-23540d7bd952", "value": "118.107.41.104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "d13b268d-e82e-4b75-92ed-1488eb7269e4", "value": "45.141.84.32" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "3ebae168-c560-48c7-a7de-0c09eccde1f6", "value": "3.17.176.47" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "ed99ba56-4c65-4416-af26-658b059c0afe", "value": "111.229.51.128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "13906e4d-d2fb-43ff-b6c8-70a979c23083", "value": "23.106.160.191" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "d0f2aa83-36ff-4fd1-8e72-3f8d0d3bd20a", "value": "100.24.56.227" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1607604989", "to_ids": true, "type": "ip-src", "uuid": "81996b71-19d5-4230-9a4a-6ed7d1f756ea", "value": "45.199.110.164" } ], "Object": [ { "comment": "", "deleted": false, "description": "Paste or similar post from a website allowing to share privately or publicly posts.", "meta-category": "misc", "name": "paste", "template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12", "template_version": "5", "timestamp": "1607605042", "uuid": "c9f35ca0-b785-4690-8831-338c8eb35ffe", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "origin", "timestamp": "1607605042", "to_ids": false, "type": "text", "uuid": "8914c184-e266-48b8-bb4b-1d7ace03eda3", "value": "pastebin.com" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "title", "timestamp": "1607605042", "to_ids": false, "type": "text", "uuid": "7207e756-0071-499c-8009-0a576457e179", "value": "CobaltStrike C2s Dec2020_10" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1607605042", "to_ids": false, "type": "text", "uuid": "fbdc9ea7-0eec-42b1-b3f3-38cc431b0556", "value": "ImGlaCiuS" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "link", "timestamp": "1607605043", "to_ids": false, "type": "link", "uuid": "d810405f-4746-4046-8fff-f7f7bc91b66d", "value": "https://pastebin.com/Svw5vMvm" } ] } ] } }