{ "Event": { "analysis": "2", "date": "2017-03-10", "extends_uuid": "", "info": "OSINT - Pulling Back the Curtains on EncodedCommand PowerShell Attacks", "publish_timestamp": "1587967869", "published": true, "threat_level_id": "3", "timestamp": "1587967841", "uuid": "58c302f0-3068-4b0a-91c2-463f02de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1489175330", "to_ids": false, "type": "link", "uuid": "58c302fd-0780-4809-b83f-48fc02de0b81", "value": "http://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1489175331", "to_ids": false, "type": "text", "uuid": "58c30314-4298-403f-bea6-49c002de0b81", "value": "PowerShell has continued to gain in popularity over the past few years as the framework continues to mature, so it\u2019s no surprise we\u2019re seeing it in more attacks. 
PowerShell offers attackers a wide range of capabilities natively on the system and with a quick look at the landscape of malicious PowerShell tools flooding out; you have a decent indicator of its growth.\r\n\r\nMicrosoft has done a fantastic job in later versions of PowerShell by giving multiple ways to log PowerShell activity (Transcription, ScriptBlock, etc) so there has been a shift to try and further obfuscate attacks at runtime.", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "Network activity", "comment": "Meterpreter RHTTP", "deleted": false, "disable_correlation": false, "timestamp": "1489175367", "to_ids": true, "type": "ip-dst", "uuid": "58c30347-6984-44c1-9ec8-46ac02de0b81", "value": "198.56.248.117" }, { "category": "Network activity", "comment": "Meterpreter RHTTP", "deleted": false, "disable_correlation": false, "timestamp": "1489175368", "to_ids": true, "type": "ip-dst", "uuid": "58c30348-3fe0-48d8-bd6b-498902de0b81", "value": "62.109.8.21" }, { "category": "Network activity", "comment": "Meterpreter RHTTP", "deleted": false, "disable_correlation": false, "timestamp": "1489175369", "to_ids": true, "type": "ip-dst", "uuid": "58c30349-afd4-4524-a197-4f5f02de0b81", "value": "65.112.221.34" }, { "category": "Network activity", "comment": "Meterpreter RHTTP", "deleted": false, "disable_correlation": false, "timestamp": "1489175370", "to_ids": true, "type": "ip-dst", "uuid": "58c3034a-13b4-4dea-9328-4ccb02de0b81", "value": "88.160.254.183" }, { "category": "Network activity", "comment": "SHA1 Hashtag", "deleted": false, "disable_correlation": false, "timestamp": "1489175433", "to_ids": true, "type": "url", "uuid": "58c30389-5158-43db-92ff-4ae402de0b81", "value": "http://212.83.186.207/?i=" }, { "category": "Network activity", "comment": "Layers of Obfuscation", "deleted": false, "disable_correlation": false, "timestamp": "1489175467", "to_ids": true, "type": "url", "uuid": 
"58c303ab-575c-4649-8bb3-4c4002de0b81", "value": "http://ec2-35-167-185-55.us-west-2.compute.amazonaws.com:8080/anSfrf" }, { "category": "Network activity", "comment": "AMSI Bypass", "deleted": false, "disable_correlation": false, "timestamp": "1489175490", "to_ids": true, "type": "url", "uuid": "58c303c2-f874-457c-8b39-46f202de0b81", "value": "http://35.165.38.15:80/login/process.php" }, { "category": "Network activity", "comment": "AMSI Bypass", "deleted": false, "disable_correlation": false, "timestamp": "1489175491", "to_ids": true, "type": "url", "uuid": "58c303c3-17bc-42ec-b86e-413e02de0b81", "value": "http://amazonsdeliveries.com:80/account/login.php" }, { "category": "Network activity", "comment": "AMSI Bypass", "deleted": false, "disable_correlation": false, "timestamp": "1489175492", "to_ids": true, "type": "url", "uuid": "58c303c4-ce1c-436d-9db9-4e4202de0b81", "value": "http://35.164.97.4:80/admin/get.php" }, { "category": "Network activity", "comment": "AMSI Bypass", "deleted": false, "disable_correlation": false, "timestamp": "1489175493", "to_ids": true, "type": "url", "uuid": "58c303c5-1d14-4175-b8e1-438002de0b81", "value": "http://162.253.133.189:443/login/process.php" }, { "category": "Network activity", "comment": "AMSI Bypass", "deleted": false, "disable_correlation": false, "timestamp": "1489175494", "to_ids": true, "type": "url", "uuid": "58c303c6-f5f8-402d-9d98-465d02de0b81", "value": "http://162.253.133.189:443/admin/get.php" }, { "category": "Network activity", "comment": "PowerWorm", "deleted": false, "disable_correlation": false, "timestamp": "1489175510", "to_ids": true, "type": "url", "uuid": "58c303d6-5398-4638-8472-475102de0b81", "value": "http://powerwormjqj42hu.onion/get.php?s=setup&" }, { "category": "Network activity", "comment": "Downloader Kraken", "deleted": false, "disable_correlation": false, "timestamp": "1489175536", "to_ids": true, "type": "url", "uuid": "58c303f0-a098-4bef-8dd5-40d202de0b81", "value": 
"http://kulup.isikun.edu.tr/Kraken.jpg" }, { "category": "Network activity", "comment": "Downloader Proxy", "deleted": false, "disable_correlation": false, "timestamp": "1489175556", "to_ids": true, "type": "url", "uuid": "58c30404-6e78-4b65-963e-487102de0b81", "value": "http://54.213.195.138/s2.txt?u=" }, { "category": "Network activity", "comment": "Downloader Proxy", "deleted": false, "disable_correlation": false, "timestamp": "1489175557", "to_ids": true, "type": "url", "uuid": "58c30405-e940-4c9a-8609-495f02de0b81", "value": "http://www.bcbs-arizona.org/s2.txt?u=" }, { "category": "Network activity", "comment": "Downloader Proxy", "deleted": false, "disable_correlation": false, "timestamp": "1489175558", "to_ids": true, "type": "url", "uuid": "58c30406-01b8-4c4c-90b5-408902de0b81", "value": "http://www.bcbsarizona.org/s2.txt?u=" }, { "category": "Network activity", "comment": "TXT C2", "deleted": false, "disable_correlation": false, "timestamp": "1489175576", "to_ids": true, "type": "hostname", "uuid": "58c30418-8014-4f64-929c-417b02de0b81", "value": "l.ns.topbrains.pl" }, { "category": "Network activity", "comment": "TXT C2", "deleted": false, "disable_correlation": false, "timestamp": "1489175577", "to_ids": true, "type": "hostname", "uuid": "58c30419-31b8-4207-9409-41ef02de0b81", "value": "p.s.os.ns.rankingplac.pl" }, { "category": "Network activity", "comment": "TXT C2", "deleted": false, "disable_correlation": false, "timestamp": "1489175578", "to_ids": true, "type": "hostname", "uuid": "58c3041a-0030-48af-b220-4fef02de0b81", "value": "l.ns.huawel.ro" }, { "category": "Network activity", "comment": "TXT C2", "deleted": false, "disable_correlation": false, "timestamp": "1489175579", "to_ids": true, "type": "hostname", "uuid": "58c3041b-6968-4648-9cd5-458602de0b81", "value": "p.s.pn.ns.sse.net.pl" }, { "category": "Network activity", "comment": "TXT C2", "deleted": false, "disable_correlation": false, "timestamp": "1489175580", "to_ids": true, "type": 
"hostname", "uuid": "58c3041c-b4c0-457f-bd72-46d002de0b81", "value": "p.s.rk.ns.rankingplac.pl" }, { "category": "Network activity", "comment": "TXT C2", "deleted": false, "disable_correlation": false, "timestamp": "1489175581", "to_ids": true, "type": "hostname", "uuid": "58c3041d-ef0c-4efd-a910-4f3302de0b81", "value": "p.s.w2.ns.rankingplac.pl" }, { "category": "Network activity", "comment": "BITSTransfer", "deleted": false, "disable_correlation": false, "timestamp": "1489175597", "to_ids": true, "type": "url", "uuid": "58c3042d-e7f4-4ab3-81fb-417902de0b81", "value": "http://94.102.50.39/keyt.exe" }, { "category": "Network activity", "comment": "Downloader IEXDS", "deleted": false, "disable_correlation": false, "timestamp": "1489175666", "to_ids": true, "type": "url", "uuid": "58c30472-a2f8-40f5-870b-421a02de0b81", "value": "http://84.200.84.187/Google Update Check.html" }, { "category": "Network activity", "comment": "Downloader IEXDS", "deleted": false, "disable_correlation": false, "timestamp": "1489175667", "to_ids": true, "type": "url", "uuid": "58c30473-f550-4671-94d7-428302de0b81", "value": "http://52.183.79.94:80/TYBMkTfsQ" }, { "category": "Network activity", "comment": "Downloader IEXDS", "deleted": false, "disable_correlation": false, "timestamp": "1489175668", "to_ids": true, "type": "url", "uuid": "58c30474-32a8-429c-a995-428702de0b81", "value": "http://76.74.127.38/default-nco.html" }, { "category": "Network activity", "comment": "Downloader IEXDS", "deleted": false, "disable_correlation": false, "timestamp": "1489175670", "to_ids": true, "type": "url", "uuid": "58c30476-ee10-4aa6-872c-431602de0b81", "value": "https://wowyy.ga/counter.php?c=pdfxpl+" }, { "category": "Network activity", "comment": "Downloader IEXDS", "deleted": false, "disable_correlation": false, "timestamp": "1489175671", "to_ids": true, "type": "url", "uuid": "58c30477-5194-4e68-a5a8-483a02de0b81", "value": "http://192.168.137.241:8080/" }, { "category": "Network activity", 
"comment": "Downloader IEXDS", "deleted": false, "disable_correlation": false, "timestamp": "1489175672", "to_ids": true, "type": "url", "uuid": "58c30478-fa2c-41ec-8cef-447202de0b81", "value": "http://91.120.23.152/wizz.txt" }, { "category": "Network activity", "comment": "Downloader IEXDS", "deleted": false, "disable_correlation": false, "timestamp": "1489175673", "to_ids": true, "type": "url", "uuid": "58c30479-28b8-4837-91c4-435202de0b81", "value": "http://93.171.205.35:8080/" }, { "category": "Network activity", "comment": "Downloader IEXDS", "deleted": false, "disable_correlation": false, "timestamp": "1489175674", "to_ids": true, "type": "url", "uuid": "58c3047a-7460-4d13-9253-4bb502de0b81", "value": "http://cannot.loginto.me/googlehelper.ps1" }, { "category": "Network activity", "comment": "Downloader IEXDS", "deleted": false, "disable_correlation": false, "timestamp": "1489175675", "to_ids": true, "type": "url", "uuid": "58c3047b-5d80-4b9e-bc0e-47e202de0b81", "value": "https://invesco.online/aaa" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175714", "to_ids": true, "type": "url", "uuid": "58c304a2-c920-48e8-8b03-4ca602de0b81", "value": "http://198.50.137.173/a.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175715", "to_ids": true, "type": "url", "uuid": "58c304a3-0de8-4565-aeca-44f902de0b81", "value": "http://201.130.72.171/andac.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175716", "to_ids": true, "type": "url", "uuid": "58c304a4-b17c-411a-bd19-4f5d02de0b81", "value": "http://worldnit.com/miracle.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175718", "to_ids": true, "type": "url", 
"uuid": "58c304a6-858c-4afc-b6a7-437202de0b81", "value": "http://www.amspeconline.com/123/nana.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175719", "to_ids": true, "type": "url", "uuid": "58c304a7-4d6c-427a-bbaf-4f9402de0b81", "value": "http://198.50.137.173/b.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175720", "to_ids": true, "type": "url", "uuid": "58c304a8-c404-4758-97fe-413602de0b81", "value": "http://31.184.234.74/crypted/1080qw.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175721", "to_ids": true, "type": "url", "uuid": "58c304a9-b9c4-434e-a2d8-44e902de0b81", "value": "http://alonqood.com/abacom.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175722", "to_ids": true, "type": "url", "uuid": "58c304aa-4814-4706-b5e5-43e702de0b81", "value": "http://alonqood.com/ezeke.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175723", "to_ids": true, "type": "url", "uuid": "58c304ab-9e88-4d87-9ae0-405102de0b81", "value": "http://alonqood.com/lumia.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175724", "to_ids": true, "type": "url", "uuid": "58c304ac-5944-4807-88fe-4e2a02de0b81", "value": "http://alonqood.com/nano.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175725", "to_ids": true, "type": "url", "uuid": "58c304ad-4710-4d73-8360-425202de0b81", "value": "http://alonqood.com/obi.exe" }, { "category": "Network 
activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175726", "to_ids": true, "type": "url", "uuid": "58c304ae-00e0-4b1a-aba4-4c2602de0b81", "value": "http://snthostings.com/billing//includes/db/dannyfinal.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175727", "to_ids": true, "type": "url", "uuid": "58c304af-1238-447c-bb08-4ec602de0b81", "value": "http://worldnit.com/abu.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175728", "to_ids": true, "type": "url", "uuid": "58c304b0-c6ac-4eb8-b740-432002de0b81", "value": "http://worldnit.com/guyo.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175729", "to_ids": true, "type": "url", "uuid": "58c304b1-9ad0-4227-ac10-485c02de0b81", "value": "http://worldnit.com/vc.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175730", "to_ids": true, "type": "url", "uuid": "58c304b2-933c-4d7e-83e4-443502de0b81", "value": "http://www.amspeconline.com/123/nach.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175731", "to_ids": true, "type": "url", "uuid": "58c304b3-a7b4-4182-9f5d-496e02de0b81", "value": "http://www.amspeconline.com/123/nazy.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175732", "to_ids": true, "type": "url", "uuid": "58c304b4-c8dc-41c1-a481-46af02de0b81", "value": "http://www.macwizinfo.com/zap/manage/may2.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, 
"disable_correlation": false, "timestamp": "1489175733", "to_ids": true, "type": "url", "uuid": "58c304b5-c070-4eee-b76e-41db02de0b81", "value": "https://a.pomf.cat/bvudaf.exe" }, { "category": "Network activity", "comment": "Downloader DFSP DPL", "deleted": false, "disable_correlation": false, "timestamp": "1489175734", "to_ids": true, "type": "url", "uuid": "58c304b6-da1c-4692-8f4c-4da302de0b81", "value": "https://a.pomf.cat/qebhhu.exe" }, { "category": "Network activity", "comment": "Downloader DFSP 2X", "deleted": false, "disable_correlation": false, "timestamp": "1489175753", "to_ids": true, "type": "url", "uuid": "58c304c9-501c-4f71-bcda-4b3302de0b81", "value": "http://93.174.94.135/~kali/ketty.exe" }, { "category": "Network activity", "comment": "Downloader DFSP 2X", "deleted": false, "disable_correlation": false, "timestamp": "1489175754", "to_ids": true, "type": "url", "uuid": "58c304ca-c8e4-483d-a5c7-4fc302de0b81", "value": "http://94.102.52.13/~yahoo/stchost.exe" }, { "category": "Network activity", "comment": "Downloader DFSP 2X", "deleted": false, "disable_correlation": false, "timestamp": "1489175755", "to_ids": true, "type": "url", "uuid": "58c304cb-01ec-454b-992a-4e1d02de0b81", "value": "http://93.174.94.137/~rama/jusched.exe" }, { "category": "Network activity", "comment": "Downloader DFSP 2X", "deleted": false, "disable_correlation": false, "timestamp": "1489175756", "to_ids": true, "type": "url", "uuid": "58c304cc-90f8-4ec0-bea1-4c5602de0b81", "value": "http://94.102.52.13/~harvy/scvhost.exe" }, { "category": "Network activity", "comment": "Downloader DFSP 2X", "deleted": false, "disable_correlation": false, "timestamp": "1489175757", "to_ids": true, "type": "url", "uuid": "58c304cd-56b4-4a7c-b09a-461802de0b81", "value": "http://10.10.01.10/bahoo/stchost.exe" }, { "category": "Network activity", "comment": "Downloader DFSP 2X", "deleted": false, "disable_correlation": false, "timestamp": "1489175758", "to_ids": true, "type": "url", "uuid": 
"58c304ce-f654-4fb5-9073-464b02de0b81", "value": "http://93.174.94.135/~harvy/verfgt.exe" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175896", "to_ids": true, "type": "url", "uuid": "58c30558-3a64-4a4e-8a62-490302de0b81", "value": "http://95.211.139.88:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175897", "to_ids": true, "type": "url", "uuid": "58c30559-a8f8-488f-bdca-402602de0b81", "value": "https://46.101.90.248:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175897", "to_ids": true, "type": "url", "uuid": "58c30559-a8f8-4350-aa7b-458702de0b81", "value": "http://microsoft-update7.myvnc.com:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175898", "to_ids": true, "type": "url", "uuid": "58c3055a-6a84-4e22-a6a9-4e2a02de0b81", "value": "http://145.131.7.190:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175900", "to_ids": true, "type": "url", "uuid": "58c3055c-19bc-4f16-b6d7-403802de0b81", "value": "https://52.39.227.108:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175901", "to_ids": true, "type": "url", "uuid": "58c3055d-9e58-4fa5-99d2-4f8902de0b81", "value": "http://vanesa.ddns.net:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175902", "to_ids": true, "type": "url", "uuid": "58c3055e-8648-4315-a471-422102de0b81", "value": "http://polygon.1dn0.xyz/index.asp" }, { 
"category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175903", "to_ids": true, "type": "url", "uuid": "58c3055f-c210-41ab-b60c-447b02de0b81", "value": "http://159.203.18.172:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175904", "to_ids": true, "type": "url", "uuid": "58c30560-ed78-41d4-9de5-466702de0b81", "value": "https://dsecti0n.gotdns.ch:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175905", "to_ids": true, "type": "url", "uuid": "58c30561-63a8-47c6-9342-46cc02de0b81", "value": "https://69.20.66.229:9443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175906", "to_ids": true, "type": "url", "uuid": "58c30562-b708-4088-8cc8-4cfc02de0b81", "value": "https://50.3.74.72:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175907", "to_ids": true, "type": "url", "uuid": "58c30563-5dd8-4f0d-874b-4bb602de0b81", "value": "https://205.232.71.92:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175908", "to_ids": true, "type": "url", "uuid": "58c30564-5bf8-468c-9eba-4bbc02de0b81", "value": "http://hop.wellsfargolegal.com/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175909", "to_ids": true, "type": "url", "uuid": "58c30565-c7dc-4ca0-ab43-41c502de0b81", "value": "http://ciagov.gotdns.ch:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, 
"disable_correlation": false, "timestamp": "1489175910", "to_ids": true, "type": "url", "uuid": "58c30566-2620-4a73-9635-4b8002de0b81", "value": "http://chgvaswks045.efgz.efg.corp:888/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175911", "to_ids": true, "type": "url", "uuid": "58c30567-c740-44b6-b34c-440c02de0b81", "value": "http://ads.mygoogle-analytics.com:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175912", "to_ids": true, "type": "url", "uuid": "58c30568-4748-4205-9f6e-4f8802de0b81", "value": "http://84.200.84.185:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175913", "to_ids": true, "type": "url", "uuid": "58c30569-7ac8-449f-8898-495d02de0b81", "value": "http://84.14.146.74:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175914", "to_ids": true, "type": "url", "uuid": "58c3056a-b9b0-4723-84cb-442e02de0b81", "value": "http://66.11.115.25:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175915", "to_ids": true, "type": "url", "uuid": "58c3056b-98c8-4ad4-8fa3-46fd02de0b81", "value": "http://64.137.176.174:12345/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175916", "to_ids": true, "type": "url", "uuid": "58c3056c-a288-4291-ace8-430f02de0b81", "value": "http://52.28.242.165:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175917", "to_ids": true, "type": "url", 
"uuid": "58c3056d-7044-4a58-96a7-4ca702de0b81", "value": "http://52.19.131.17:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175918", "to_ids": true, "type": "url", "uuid": "58c3056e-744c-4286-bf99-470302de0b81", "value": "http://23.239.12.15:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175919", "to_ids": true, "type": "url", "uuid": "58c3056f-d424-4ac5-8514-443b02de0b81", "value": "http://212.99.114.202:443/count.php?user=" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175920", "to_ids": true, "type": "url", "uuid": "58c30570-88d4-4aa8-9f16-413e02de0b81", "value": "http://188.68.59.11:8081/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175921", "to_ids": true, "type": "url", "uuid": "58c30571-b920-4b2f-a0e9-47b302de0b81", "value": "http://185.117.72.45:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175922", "to_ids": true, "type": "url", "uuid": "58c30572-eee8-4e68-bc98-4fa102de0b81", "value": "http://163.172.175.132:8089/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175923", "to_ids": true, "type": "url", "uuid": "58c30573-2f08-477e-9bb4-49bf02de0b81", "value": "http://159.203.89.248:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175924", "to_ids": true, "type": "url", "uuid": "58c30574-dd58-47c1-83e9-436f02de0b81", "value": "http://14.144.144.66:8081/index.asp" }, { 
"category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175925", "to_ids": true, "type": "url", "uuid": "58c30575-a420-4f56-ad1e-4c6f02de0b81", "value": "http://103.238.227.201:7788/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175926", "to_ids": true, "type": "url", "uuid": "58c30576-2d68-490b-9782-443502de0b81", "value": "https://www.enterprizehost.com:9443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175927", "to_ids": true, "type": "url", "uuid": "58c30577-9b18-4551-b0f0-4ccc02de0b81", "value": "https://sixeight.av-update.com:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175928", "to_ids": true, "type": "url", "uuid": "58c30578-a908-4d42-8494-43ba02de0b81", "value": "https://remote-01.web-access.us/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175929", "to_ids": true, "type": "url", "uuid": "58c30579-e658-4b3b-b503-488802de0b81", "value": "https://msauth.net/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175930", "to_ids": true, "type": "url", "uuid": "58c3057a-e8a4-4748-bcd4-47e902de0b81", "value": "https://metrowifi.no-ip.org:8443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175931", "to_ids": true, "type": "url", "uuid": "58c3057b-6bc4-4e0f-8e56-442f02de0b81", "value": "https://megalon.trustwave.com:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": 
false, "disable_correlation": false, "timestamp": "1489175932", "to_ids": true, "type": "url", "uuid": "58c3057c-8220-450c-af01-48a702de0b81", "value": "https://mail.microsoft-invites.com/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175933", "to_ids": true, "type": "url", "uuid": "58c3057d-b430-4db6-9357-40f302de0b81", "value": "https://logexpert.eu/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175934", "to_ids": true, "type": "url", "uuid": "58c3057e-9d70-4993-8062-45b802de0b81", "value": "https://host-101.ipsec.io/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175935", "to_ids": true, "type": "url", "uuid": "58c3057f-9d18-4940-ab3b-41b902de0b81", "value": "https://93.176.84.45:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175936", "to_ids": true, "type": "url", "uuid": "58c30580-aaa4-4f2e-8d52-4f4a02de0b81", "value": "https://93.176.84.34:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175937", "to_ids": true, "type": "url", "uuid": "58c30581-48cc-4a37-9192-48e202de0b81", "value": "https://66.60.224.82:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175938", "to_ids": true, "type": "url", "uuid": "58c30582-01f0-4220-8197-4cf902de0b81", "value": "https://66.192.70.39:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175939", "to_ids": true, "type": "url", "uuid": 
"58c30583-7d94-4660-9fd7-49f002de0b81", "value": "https://66.192.70.38:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175940", "to_ids": true, "type": "url", "uuid": "58c30584-512c-4f30-9354-43a202de0b81", "value": "https://52.86.125.177:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175941", "to_ids": true, "type": "url", "uuid": "58c30585-1ce0-4744-99fd-403a02de0b81", "value": "https://50.251.57.67:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175942", "to_ids": true, "type": "url", "uuid": "58c30586-ac80-489a-a854-46d302de0b81", "value": "https://46.101.203.156:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175943", "to_ids": true, "type": "url", "uuid": "58c30587-b3c4-4c82-902c-402802de0b81", "value": "https://46.101.185.146:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175944", "to_ids": true, "type": "url", "uuid": "58c30588-8bc8-4215-bf80-4e6302de0b81", "value": "https://45.63.109.205:8443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175945", "to_ids": true, "type": "url", "uuid": "58c30589-e01c-4fea-aa07-45a902de0b81", "value": "https://172.30.18.11:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175946", "to_ids": true, "type": "url", "uuid": "58c3058a-3864-4e5e-8c38-47fa02de0b81", "value": "https://146.148.58.157:8088/index.asp" }, { "category": 
"Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175947", "to_ids": true, "type": "url", "uuid": "58c3058b-ec7c-4443-9f42-4a3a02de0b81", "value": "https://108.61.211.36/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175948", "to_ids": true, "type": "url", "uuid": "58c3058c-d198-430e-90d4-497d02de0b81", "value": "https://107.170.132.24:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175949", "to_ids": true, "type": "url", "uuid": "58c3058d-6d40-4007-98d9-4e9a02de0b81", "value": "https://104.131.182.177:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175950", "to_ids": true, "type": "url", "uuid": "58c3058e-8054-4a05-ac3e-486902de0b81", "value": "http://sparta34.no-ip.biz:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175951", "to_ids": true, "type": "url", "uuid": "58c3058f-7eb4-4ecb-99e0-451502de0b81", "value": "http://securetx.ddns.net:3333/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175952", "to_ids": true, "type": "url", "uuid": "58c30590-f6cc-493a-9449-470d02de0b81", "value": "http://pie32.mooo.com:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175953", "to_ids": true, "type": "url", "uuid": "58c30591-fffc-4f77-83a0-46a902de0b81", "value": "http://m.jdirving.email:21/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, 
"timestamp": "1489175954", "to_ids": true, "type": "url", "uuid": "58c30592-d8cc-40aa-be53-4e4b02de0b81", "value": "http://kooks.ddns.net:4444:4444/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175955", "to_ids": true, "type": "url", "uuid": "58c30593-2e38-4640-a08d-4d1302de0b81", "value": "http://kernel32.ddns.net:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175956", "to_ids": true, "type": "url", "uuid": "58c30594-70cc-4cfa-98c0-4c4302de0b81", "value": "http://home.rzepka.se/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175957", "to_ids": true, "type": "url", "uuid": "58c30595-69b4-470f-a741-4b5b02de0b81", "value": "http://192.ho4x.com:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175958", "to_ids": true, "type": "url", "uuid": "58c30596-fbc4-4735-a5dc-487402de0b81", "value": "http://ec2-35-167-185-55.us-west-2.compute.amazonaws.com:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175959", "to_ids": true, "type": "url", "uuid": "58c30597-d934-4766-ac02-423c02de0b81", "value": "http://amazonsdeliveries.com/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175959", "to_ids": true, "type": "url", "uuid": "58c30597-31dc-42e1-b3b9-4e5002de0b81", "value": "http://ahyses.ddns.net:4444/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175960", "to_ids": true, "type": "url", "uuid": 
"58c30598-6c34-453a-8037-40f102de0b81", "value": "http://98.103.103.170:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175961", "to_ids": true, "type": "url", "uuid": "58c30599-f630-4d25-904c-4d9702de0b81", "value": "http://98.103.103.168:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175962", "to_ids": true, "type": "url", "uuid": "58c3059a-97b0-4e23-9a60-498602de0b81", "value": "http://93.187.43.200:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175963", "to_ids": true, "type": "url", "uuid": "58c3059b-26cc-4df5-a15b-4b9702de0b81", "value": "http://84.200.2.13:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175963", "to_ids": true, "type": "url", "uuid": "58c3059b-4d10-4dda-855e-4f5d02de0b81", "value": "http://78.229.133.134:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175964", "to_ids": true, "type": "url", "uuid": "58c3059c-8b7c-4097-ad97-46d502de0b81", "value": "http://68.66.9.76/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175965", "to_ids": true, "type": "url", "uuid": "58c3059d-52ac-4f53-ac9e-4a5f02de0b81", "value": "http://52.36.245.145:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175966", "to_ids": true, "type": "url", "uuid": "58c3059e-3490-4e62-9870-40c902de0b81", "value": "http://52.28.250.99:8080/index.asp" }, { "category": "Network activity", 
"comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175967", "to_ids": true, "type": "url", "uuid": "58c3059f-3c3c-4e9b-9fe0-497f02de0b81", "value": "http://52.196.119.113:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175968", "to_ids": true, "type": "url", "uuid": "58c305a0-8124-41e9-844d-4fa602de0b81", "value": "http://50.251.57.67:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175969", "to_ids": true, "type": "url", "uuid": "58c305a1-8c64-44cb-86d7-45ec02de0b81", "value": "http://47.88.17.109:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175970", "to_ids": true, "type": "url", "uuid": "58c305a2-f4b8-44b6-b8ea-4c1302de0b81", "value": "http://46.246.87.205/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175971", "to_ids": true, "type": "url", "uuid": "58c305a3-8c74-497e-9f50-41d202de0b81", "value": "http://41.230.232.65:5552:5552/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175972", "to_ids": true, "type": "url", "uuid": "58c305a4-6e18-4919-aa4d-437902de0b81", "value": "http://24.111.1.135:22/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175973", "to_ids": true, "type": "url", "uuid": "58c305a5-f988-4801-9ee9-4fa502de0b81", "value": "http://23.116.90.9:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175974", "to_ids": 
true, "type": "url", "uuid": "58c305a6-f868-4c54-9f5a-47a202de0b81", "value": "http://222.230.139.166:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175975", "to_ids": true, "type": "url", "uuid": "58c305a7-bcc4-4be2-b178-446302de0b81", "value": "http://197.85.191.186:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175975", "to_ids": true, "type": "url", "uuid": "58c305a7-b1ac-489d-b7cf-4d7702de0b81", "value": "http://197.85.191.186:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175976", "to_ids": true, "type": "url", "uuid": "58c305a8-e864-4858-9e53-434002de0b81", "value": "http://192.241.129.69:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175977", "to_ids": true, "type": "url", "uuid": "58c305a9-8cb8-4583-9777-447502de0b81", "value": "http://191.101.31.118:8081/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175978", "to_ids": true, "type": "url", "uuid": "58c305aa-290c-4209-8acf-487b02de0b81", "value": "http://187.228.46.144:8888/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175979", "to_ids": true, "type": "url", "uuid": "58c305ab-9ed8-4c35-b47c-490502de0b81", "value": "http://187.177.151.80:12345/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175980", "to_ids": true, "type": "url", "uuid": "58c305ac-4230-422e-bd08-411a02de0b81", "value": 
"http://166.78.124.106:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175981", "to_ids": true, "type": "url", "uuid": "58c305ad-72d0-420a-9197-46a702de0b81", "value": "http://163.172.151.90:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175982", "to_ids": true, "type": "url", "uuid": "58c305ae-e854-4040-b8fd-4dc302de0b81", "value": "http://149.56.178.124:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175983", "to_ids": true, "type": "url", "uuid": "58c305af-ebf4-48ac-8b99-409102de0b81", "value": "http://139.59.12.202:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175984", "to_ids": true, "type": "url", "uuid": "58c305b0-b98c-429e-92fa-49e002de0b81", "value": "http://138.121.170.12:500/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175985", "to_ids": true, "type": "url", "uuid": "58c305b1-cc30-41a5-b3e7-429702de0b81", "value": "http://138.121.170.12:3138/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175986", "to_ids": true, "type": "url", "uuid": "58c305b2-26fc-4127-a66a-468d02de0b81", "value": "http://138.121.170.12:3137/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175986", "to_ids": true, "type": "url", "uuid": "58c305b2-fec4-4616-9ee1-4a5e02de0b81", "value": "http://138.121.170.12:3136/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", 
"deleted": false, "disable_correlation": false, "timestamp": "1489175987", "to_ids": true, "type": "url", "uuid": "58c305b3-6384-4940-970a-4dbc02de0b81", "value": "http://138.121.170.12:3135/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175988", "to_ids": true, "type": "url", "uuid": "58c305b4-3cf4-4d47-9efa-465a02de0b81", "value": "http://138.121.170.12:3133/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175989", "to_ids": true, "type": "url", "uuid": "58c305b5-1470-4afa-b1ac-49e102de0b81", "value": "http://138.121.170.12:3031/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175990", "to_ids": true, "type": "url", "uuid": "58c305b6-8cdc-4723-b84f-4f5a02de0b81", "value": "http://137.117.188.120:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175991", "to_ids": true, "type": "url", "uuid": "58c305b7-f698-4026-8cdd-427f02de0b81", "value": "http://11.79.40.53:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175991", "to_ids": true, "type": "url", "uuid": "58c305b7-df6c-4aa5-bd52-435702de0b81", "value": "http://108.61.217.22:443/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175992", "to_ids": true, "type": "url", "uuid": "58c305b8-fd00-4154-a70c-443b02de0b81", "value": "http://104.233.102.23:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175993", "to_ids": true, "type": "url", 
"uuid": "58c305b9-f6b8-4c16-8b50-44d502de0b81", "value": "http://104.145.225.3:8081/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175994", "to_ids": true, "type": "url", "uuid": "58c305ba-a070-45fc-821c-4c9102de0b81", "value": "http://104.131.154.119:8080/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175995", "to_ids": true, "type": "url", "uuid": "58c305bb-aaa0-46c0-88c4-496d02de0b81", "value": "http://104.130.51.215:80/index.asp" }, { "category": "Network activity", "comment": "PowerShell Empire", "deleted": false, "disable_correlation": false, "timestamp": "1489175995", "to_ids": true, "type": "url", "uuid": "58c305bb-c840-4625-b8ac-4ad202de0b81", "value": "http://100.100.100.100:8080/index.asp" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176067", "to_ids": true, "type": "url", "uuid": "58c30603-1cbc-4ef1-9685-44c402de0b81", "value": "http://94.102.53.238/~yahoo/csrsv.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176068", "to_ids": true, "type": "url", "uuid": "58c30604-9ff8-4de8-950f-431002de0b81", "value": "http://89.248.170.218/~yahoo/csrsv.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176069", "to_ids": true, "type": "url", "uuid": "58c30605-781c-4fd9-8f41-4c7702de0b81", "value": "http://94.102.58.30/~trevor/winx64.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176069", "to_ids": true, "type": "url", "uuid": "58c30605-0b8c-4739-8b68-461102de0b81", "value": "http://80.82.64.45/~yakar/msvmonr.exe" }, { 
"category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176070", "to_ids": true, "type": "url", "uuid": "58c30606-be0c-4d62-ac0d-420f02de0b81", "value": "http://89.248.166.140/~zebra/iesecv.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176071", "to_ids": true, "type": "url", "uuid": "58c30607-9b68-493b-a7ae-401e02de0b81", "value": "http://cajos.in/0x/1.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176072", "to_ids": true, "type": "url", "uuid": "58c30608-5b9c-4ae9-a4e8-409b02de0b81", "value": "http://93.174.94.137/~karma/scvhost.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176073", "to_ids": true, "type": "url", "uuid": "58c30609-4af4-44df-a1d5-484f02de0b81", "value": "http://ddl7.data.hu/get/0/9507148/Patload.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176074", "to_ids": true, "type": "url", "uuid": "58c3060a-c508-4119-99e0-451402de0b81", "value": "http://nikil.tk/p1/Pa_001.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176075", "to_ids": true, "type": "url", "uuid": "58c3060b-fcd4-4d56-978e-4be402de0b81", "value": "http://185.45.193.17/update.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176076", "to_ids": true, "type": "url", "uuid": "58c3060c-84b0-4757-915f-424502de0b81", "value": "http://185.141.27.28/update.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": 
"1489176077", "to_ids": true, "type": "url", "uuid": "58c3060d-e590-4f17-97f6-4b5e02de0b81", "value": "https://a.pomf.cat/xsakpo.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176078", "to_ids": true, "type": "url", "uuid": "58c3060e-f64c-4503-a8a0-4db402de0b81", "value": "http://185.141.27.35/update.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176079", "to_ids": true, "type": "url", "uuid": "58c3060f-a8d0-49c1-9b60-415502de0b81", "value": "http://www.macwizinfo.com/updates/anna.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176080", "to_ids": true, "type": "url", "uuid": "58c30610-c99c-40c5-a9d3-4b2202de0b81", "value": "http://worldnit.com/opera.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176081", "to_ids": true, "type": "url", "uuid": "58c30611-f9c4-4529-a937-488f02de0b81", "value": "http://doc.cherrycoffeeequipment.com/nw/logo.png" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176082", "to_ids": true, "type": "url", "uuid": "58c30612-79f8-4366-8f25-43e402de0b81", "value": "http://185.141.25.142/update.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176083", "to_ids": true, "type": "url", "uuid": "58c30613-9398-4630-b5a7-41b602de0b81", "value": "http://185.117.75.43/update.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176084", "to_ids": true, "type": "url", "uuid": "58c30614-1320-494e-9c7f-4efe02de0b81", "value": 
"http://185.106.122.64/update.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176084", "to_ids": true, "type": "url", "uuid": "58c30614-5cdc-469c-a9e8-438102de0b81", "value": "http://185.141.25.243/file.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176085", "to_ids": true, "type": "url", "uuid": "58c30615-8838-40ba-9301-480a02de0b81", "value": "http://185.141.27.32/update.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176085", "to_ids": true, "type": "url", "uuid": "58c30615-7608-4bee-a4e3-4e9702de0b81", "value": "http://185.141.27.34/update.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176086", "to_ids": true, "type": "url", "uuid": "58c30616-6e50-48ba-85f0-40d602de0b81", "value": "http://andersonken4791.pserver.ru/doc.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176087", "to_ids": true, "type": "url", "uuid": "58c30617-78d8-43b1-832f-46b402de0b81", "value": "http://boisedelariviere.com/backup/css/newconfig.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176088", "to_ids": true, "type": "url", "uuid": "58c30618-4740-4fe7-87b3-43ae02de0b81", "value": "http://brokelimiteds.in/wp-admin/css/upload/Order.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176088", "to_ids": true, "type": "url", "uuid": "58c30618-6b28-444d-984c-4e0902de0b81", "value": "http://ddl7.data.hu/get/0/9499830/money.exe" }, { "category": "Network activity", "comment": 
"Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176089", "to_ids": true, "type": "url", "uuid": "58c30619-38e8-4b79-929d-49dc02de0b81", "value": "http://fetzhost.net/files/044ae4aa5e0f2e8df02bd41bdc2670b0.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176089", "to_ids": true, "type": "url", "uuid": "58c30619-1edc-4cab-9c02-415902de0b81", "value": "http://hnng.moe/f/InX" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176090", "to_ids": true, "type": "url", "uuid": "58c3061a-c500-4983-b816-498b02de0b81", "value": "http://hnng.moe/f/Iot" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176090", "to_ids": true, "type": "url", "uuid": "58c3061a-f814-4a4f-a990-4d1702de0b81", "value": "http://labid.com.my/m/m1.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176091", "to_ids": true, "type": "url", "uuid": "58c3061b-269c-4d0b-abe9-4d6d02de0b81", "value": "http://labid.com.my/power/powex.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176091", "to_ids": true, "type": "url", "uuid": "58c3061b-527c-4e15-bcef-470c02de0b81", "value": "http://labid.com.my/spe/spendy.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176092", "to_ids": true, "type": "url", "uuid": "58c3061c-7c9c-4abf-b2d8-4e1402de0b81", "value": "http://lvrxd.3eeweb.com/nano/Calculator.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176093", "to_ids": true, "type": "url", 
"uuid": "58c3061d-4bd0-4301-8441-432402de0b81", "value": "http://matkalv.5gbfree.com/loso/fasoo.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176094", "to_ids": true, "type": "url", "uuid": "58c3061e-6460-4c89-80a8-487102de0b81", "value": "http://net.gethost.pw/windro.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176094", "to_ids": true, "type": "url", "uuid": "58c3061e-4ad4-4ba9-b46d-4f2a02de0b81", "value": "http://nikil.tk/i1/iz_001.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176095", "to_ids": true, "type": "url", "uuid": "58c3061f-6470-4051-b459-4ac002de0b81", "value": "http://rgho.st/68lJcGFLW" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176095", "to_ids": true, "type": "url", "uuid": "58c3061f-2e1c-4cc6-998a-4fe802de0b81", "value": "http://rgho.st/6hrkjYlX4" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176096", "to_ids": true, "type": "url", "uuid": "58c30620-9178-4ba5-8450-421b02de0b81", "value": "http://toxicsolutions.ru/upload/praisefud.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176096", "to_ids": true, "type": "url", "uuid": "58c30620-6678-43db-8b36-489702de0b81", "value": "http://worldnit.com/KUKU.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176096", "to_ids": true, "type": "url", "uuid": "58c30620-b4a4-446d-a5fd-45eb02de0b81", "value": "http://worldnit.com/kundelo.exe" }, { "category": "Network activity", "comment": 
"Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176097", "to_ids": true, "type": "url", "uuid": "58c30621-0a58-4fa7-a723-4a8102de0b81", "value": "http://worldnit.com/operamini.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176097", "to_ids": true, "type": "url", "uuid": "58c30621-4a4c-4f0e-a522-415702de0b81", "value": "http://www.wealthandhealthops.com/modules/mod_easyblogquickpost/lawdsijdoef.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176098", "to_ids": true, "type": "url", "uuid": "58c30622-e56c-49b3-a7bc-483902de0b81", "value": "https://a.pomf.cat/drktzz.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176099", "to_ids": true, "type": "url", "uuid": "58c30623-6090-48c3-80da-48e302de0b81", "value": "https://a.pomf.cat/dwnysn.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176100", "to_ids": true, "type": "url", "uuid": "58c30624-bb30-4aef-ad95-42b402de0b81", "value": "https://a.pomf.cat/hsmqrh.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176100", "to_ids": true, "type": "url", "uuid": "58c30624-20b4-4731-bb39-454002de0b81", "value": "https://a.pomf.cat/mjnspx.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176101", "to_ids": true, "type": "url", "uuid": "58c30625-f13c-45d7-b693-4bf802de0b81", "value": "https://a.pomf.cat/pabfzv.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176101", "to_ids": true, 
"type": "url", "uuid": "58c30625-bec4-46d8-80e4-4edc02de0b81", "value": "https://a.pomf.cat/qolcls.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176102", "to_ids": true, "type": "url", "uuid": "58c30626-f024-4934-82c9-47e202de0b81", "value": "https://a.pomf.cat/tpaesb.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176102", "to_ids": true, "type": "url", "uuid": "58c30626-cbbc-4826-8976-46fc02de0b81", "value": "https://a.pomf.cat/ultxkr.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176103", "to_ids": true, "type": "url", "uuid": "58c30627-2660-4ffe-81ec-430302de0b81", "value": "https://a.pomf.cat/vhcwbo.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176103", "to_ids": true, "type": "url", "uuid": "58c30627-5220-405d-b0da-442802de0b81", "value": "https://a.pomf.cat/vjadwb.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176104", "to_ids": true, "type": "url", "uuid": "58c30628-ccc0-4d39-857a-496302de0b81", "value": "https://a.pomf.cat/wopkwj.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176104", "to_ids": true, "type": "url", "uuid": "58c30628-a9b0-4a17-b617-423502de0b81", "value": "https://a.pomf.cat/yspcsr.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176105", "to_ids": true, "type": "url", "uuid": "58c30629-f264-43f8-b8c4-432c02de0b81", "value": "https://www.dropbox.com/s/gx6kxkfi7ky2j6f/Dropbox.exe?dl=1" }, { "category": "Network 
activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176105", "to_ids": true, "type": "url", "uuid": "58c30629-b354-46b9-8358-474c02de0b81", "value": "https://www.dropbox.com/s/gx6kxkfi7ky2j6f/Dropbox.exe?dl=1" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176106", "to_ids": true, "type": "url", "uuid": "58c3062a-0e10-47b0-9bb6-42b802de0b81", "value": "http://185.106.122.62/file.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176107", "to_ids": true, "type": "url", "uuid": "58c3062b-6f34-4519-a43d-4eb102de0b81", "value": "http://185.45.193.169/update.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176107", "to_ids": true, "type": "url", "uuid": "58c3062b-75a4-4847-ac49-4a6d02de0b81", "value": "http://aircraftpns.com/_layout/images/sysmonitor.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176108", "to_ids": true, "type": "url", "uuid": "58c3062c-a848-4693-8860-416e02de0b81", "value": "http://allbestunlockerpro.com/flash.player.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176108", "to_ids": true, "type": "url", "uuid": "58c3062c-b068-446e-a6b5-419902de0b81", "value": "http://anonfile.xyz/f/3d0a4fb54941eb10214f3c1a5fb3ed99.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176109", "to_ids": true, "type": "url", "uuid": "58c3062d-4108-4f56-918c-47f502de0b81", "value": "http://anonfile.xyz/f/921e1b3c55168c2632318b6d22a7bfe6.exe" }, { "category": "Network activity", "comment": "Downloader 
DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176109", "to_ids": true, "type": "url", "uuid": "58c3062d-b03c-43f0-bfa9-498d02de0b81", "value": "http://brokelimiteds.in/wp-admin/css/upload/ken1.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176111", "to_ids": true, "type": "url", "uuid": "58c3062f-ef68-4a16-ad9e-430602de0b81", "value": "http://danhviet.com.vn/app/p2.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176111", "to_ids": true, "type": "url", "uuid": "58c3062f-5174-4139-bcfd-471302de0b81", "value": "http://danhviet.com.vn/z/v/doc.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176112", "to_ids": true, "type": "url", "uuid": "58c30630-1eac-42ca-99d5-435d02de0b81", "value": "http://daratad.5gbfree.com/uses/word.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176112", "to_ids": true, "type": "url", "uuid": "58c30630-fa70-42be-a71b-467602de0b81", "value": "http://ddl2.data.hu/get/0/9589621/k000.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176113", "to_ids": true, "type": "url", "uuid": "58c30631-30f4-4a18-bf64-455702de0b81", "value": "http://ddl3.data.hu/get/0/9535517/yhaooo.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176113", "to_ids": true, "type": "url", "uuid": "58c30632-8b90-42b6-93ad-451f02de0b81", "value": "http://ddl3.data.hu/get/0/9551162/ske.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176114", 
"to_ids": true, "type": "url", "uuid": "58c30633-1020-4ccd-91ce-44f202de0b81", "value": "http://ddl7.data.hu/get/0/9552103/PFIfdp.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176115", "to_ids": true, "type": "url", "uuid": "58c30633-8e54-47b8-b28f-4abc02de0b81", "value": "http://getlohnumceders.honor.es/kimt.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176116", "to_ids": true, "type": "url", "uuid": "58c30634-18ac-4e15-b27c-40de02de0b81", "value": "http://hinrichsen.de/assets/win1/win1.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176117", "to_ids": true, "type": "url", "uuid": "58c30635-d264-48f7-8806-431402de0b81", "value": "http://icbg-iq.com/Scripts/kinetics/categories/3rmax.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176117", "to_ids": true, "type": "url", "uuid": "58c30635-5380-4945-9f4a-4e5f02de0b81", "value": "http://khoun-legal.com/download/ctob.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176118", "to_ids": true, "type": "url", "uuid": "58c30636-4bac-4e22-a14d-401502de0b81", "value": "http://kiana.com/flowplayer/aquafresh.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176118", "to_ids": true, "type": "url", "uuid": "58c30636-4de0-49b0-b6fb-4ea602de0b81", "value": "http://kiana.com/flowplayer/aquafresh.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176119", "to_ids": true, "type": "url", "uuid": 
"58c30637-c948-4017-b818-457c02de0b81", "value": "http://matkalv.5gbfree.com/calab/calafile.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176120", "to_ids": true, "type": "url", "uuid": "58c30638-e680-40f5-85c8-446002de0b81", "value": "http://matkalv.5gbfree.com/noza/odeee.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176120", "to_ids": true, "type": "url", "uuid": "58c30638-8cac-4bf0-b8e8-46e602de0b81", "value": "http://matkalv.5gbfree.com/owee/owe.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176120", "to_ids": true, "type": "url", "uuid": "58c30638-27d8-4dbd-b925-42d202de0b81", "value": "http://matkalv.5gbfree.com/vosa/doc.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176121", "to_ids": true, "type": "url", "uuid": "58c30639-34c8-4795-aa8d-4a3902de0b81", "value": "http://nikil.tk/b1/bo_001.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176121", "to_ids": true, "type": "url", "uuid": "58c30639-7278-40df-adc1-458902de0b81", "value": "http://nikil.tk/k1/ik_001.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176122", "to_ids": true, "type": "url", "uuid": "58c3063a-3500-42c2-9728-401602de0b81", "value": "http://sukem.zapto.org/word.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176122", "to_ids": true, "type": "url", "uuid": "58c3063a-f32c-4911-939c-490a02de0b81", "value": "http://trolda.5gbfree.com/fosee/doc.exe" }, { "category": 
"Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176123", "to_ids": true, "type": "url", "uuid": "58c3063b-950c-4462-a1f2-496102de0b81", "value": "http://worldnit.com/aba.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176123", "to_ids": true, "type": "url", "uuid": "58c3063b-abc8-4f21-80fe-458a02de0b81", "value": "http://worldnit.com/abacoss.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176124", "to_ids": true, "type": "url", "uuid": "58c3063c-0034-43f6-8062-4a9102de0b81", "value": "http://worldnit.com/abuchi.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176124", "to_ids": true, "type": "url", "uuid": "58c3063c-eccc-46cd-b57f-4db002de0b81", "value": "http://worldnit.com/com.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176125", "to_ids": true, "type": "url", "uuid": "58c3063d-3cdc-4f48-b8cd-4efa02de0b81", "value": "http://worldnit.com/compu.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176125", "to_ids": true, "type": "url", "uuid": "58c3063d-9d84-4e84-bcf3-4cab02de0b81", "value": "http://worldnit.com/comu.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176126", "to_ids": true, "type": "url", "uuid": "58c3063e-3cac-4db2-84c0-486102de0b81", "value": "http://worldnit.com/firefox32.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176127", "to_ids": true, "type": "url", "uuid": 
"58c3063f-e838-4fe3-8868-4efe02de0b81", "value": "http://worldnit.com/igbo.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176127", "to_ids": true, "type": "url", "uuid": "58c3063f-9fdc-412e-9861-414102de0b81", "value": "http://worldnit.com/immo.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176128", "to_ids": true, "type": "url", "uuid": "58c30640-1414-406d-ab1b-483302de0b81", "value": "http://worldnit.com/kele.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176128", "to_ids": true, "type": "url", "uuid": "58c30640-0e94-401d-a112-48db02de0b81", "value": "http://worldnit.com/kelle.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176129", "to_ids": true, "type": "url", "uuid": "58c30641-4a84-4be4-a373-4cb602de0b81", "value": "http://worldnit.com/kells.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176130", "to_ids": true, "type": "url", "uuid": "58c30642-2f14-4658-8ecc-480f02de0b81", "value": "http://worldnit.com/nigga.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176131", "to_ids": true, "type": "url", "uuid": "58c30643-61a4-428b-a33f-422f02de0b81", "value": "http://worldnit.com/office.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176131", "to_ids": true, "type": "url", "uuid": "58c30643-dde8-44c8-9649-4ae702de0b81", "value": "http://worldnit.com/pony.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, 
"disable_correlation": false, "timestamp": "1489176132", "to_ids": true, "type": "url", "uuid": "58c30644-8e88-4fcf-8aa7-4ed202de0b81", "value": "http://worldnit.com/seccrypt.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176132", "to_ids": true, "type": "url", "uuid": "58c30645-6bac-4b95-9849-40db02de0b81", "value": "http://worldnit.com/sect.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176133", "to_ids": true, "type": "url", "uuid": "58c30645-0dd8-4b82-b20a-4df602de0b81", "value": "http://www.athensheartcenter.com/crm/cgi-bin/lnm.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176134", "to_ids": true, "type": "url", "uuid": "58c30646-6e0c-4a32-8d07-4ae502de0b81", "value": "http://www.bryonz.com/emotions/files/lnwe.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176134", "to_ids": true, "type": "url", "uuid": "58c30646-a9e0-4ecb-aaba-48ce02de0b81", "value": "http://www.fluidsystems.ml/P1/Pa_001.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176135", "to_ids": true, "type": "url", "uuid": "58c30647-2844-4319-bc3b-447e02de0b81", "value": "http://www.macwizinfo.com/updates/eter.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176136", "to_ids": true, "type": "url", "uuid": "58c30648-30f8-41a6-a9dd-4a7202de0b81", "value": "http://www.matrimonioadvisor.it/pariglia.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176136", "to_ids": true, "type": 
"url", "uuid": "58c30648-d464-44f9-bee9-4c0e02de0b81", "value": "http://www.matrimonioadvisor.it/pariglia.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176137", "to_ids": true, "type": "url", "uuid": "58c30649-c284-409d-8890-437102de0b81", "value": "http://www.pelicanlinetravels.com/images/xvcbkty.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176138", "to_ids": true, "type": "url", "uuid": "58c3064a-7a4c-4e6c-83d8-443202de0b81", "value": "http://www.telemedia.co.za/wp-content/ozone/slim.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176138", "to_ids": true, "type": "url", "uuid": "58c3064a-4fc8-49fe-8e35-4f4b02de0b81", "value": "http://www.wealthandhealthops.com/modules/mod_easybloglist/kntgszu.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176139", "to_ids": true, "type": "url", "uuid": "58c3064b-1168-484a-83da-48ec02de0b81", "value": "http://www.wvhmedicine.ru/1/P2.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176139", "to_ids": true, "type": "url", "uuid": "58c3064b-3368-435b-9771-462d02de0b81", "value": "https://1fichier.com/?hfshjhm0yf" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176140", "to_ids": true, "type": "url", "uuid": "58c3064c-c0c0-4fc0-9837-4f7202de0b81", "value": "https://1fichier.com/?v8w3g736hj" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176140", "to_ids": true, "type": "url", "uuid": 
"58c3064c-f154-4ce6-bf4e-4fc002de0b81", "value": "https://a.pomf.cat/jfyywz.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176141", "to_ids": true, "type": "url", "uuid": "58c3064d-1c28-4756-a978-44d802de0b81", "value": "https://a.pomf.cat/klckcp.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176141", "to_ids": true, "type": "url", "uuid": "58c3064d-6f98-4aa1-b69e-450602de0b81", "value": "https://a.pomf.cat/yhggkj.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176142", "to_ids": true, "type": "url", "uuid": "58c3064e-02c0-4f1a-a93f-440902de0b81", "value": "https://dryversdocumentgritsettings.com/javaupdat3s2016.exe" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176142", "to_ids": true, "type": "url", "uuid": "58c3064e-e54c-41a3-bb19-4dc702de0b81", "value": "https://megadl.fr/?b5r5bstqd1" }, { "category": "Network activity", "comment": "Downloader DFSP", "deleted": false, "disable_correlation": false, "timestamp": "1489176143", "to_ids": true, "type": "url", "uuid": "58c3064f-d348-4403-88a2-42dd02de0b81", "value": "https://srv-file1.gofile.io/download/SJLKaG/84.200.65.20/wscript.exe" } ] } }