misp-circl-feed/feeds/circl/misp/1c4e9e86-eff3-485f-aa1d-1bff68101b14.json


{
"Event": {
"analysis": "0",
"date": "2020-12-10",
"extends_uuid": "",
"info": "OSINT - CobaltStrike C2s Dec2020_10",
"publish_timestamp": "1607605109",
"published": true,
"threat_level_id": "2",
"timestamp": "1607605096",
"uuid": "1c4e9e86-eff3-485f-aa1d-1bff68101b14",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": "0",
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": "0",
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"Cobalt Strike\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:rat=\"Cobalt Strike\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "6247385e-d35b-4fd3-8c5c-baf2f84ec1ec",
"value": "192.119.111.117/cx"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "b20a564e-edea-438a-ab8c-49ebf6ea252b",
"value": "192.119.111.117/match"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "d0baa683-497c-4b4c-a242-6b748b594795",
"value": "192.119.111.117/cm"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "ad01ab3e-05cd-410f-ae6d-ad431b7c5391",
"value": "http://scripts.completelyinnocuousdomain.com/updates.rss"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "8c1cafb0-fabb-4e33-938e-a2fa092451d2",
"value": "scripts.completelyinnocuousdomain.com/ptj"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "69a13af3-13ad-4574-a97a-ec8ba5a8b385",
"value": "3.133.100.221/dot.gif"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "4ffa4e15-92de-43e4-912d-4cbd9b810095",
"value": "3.133.100.221/cx"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "be0bc9b5-cb43-4e88-94a7-23fb0303cbc7",
"value": "129.226.15.142/pixel.gif"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "42401926-71f9-4437-ab0c-642bf968f444",
"value": "lsass.services/idle/1376547834/1"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "1c801a83-ee84-4df1-9378-01c049e57b34",
"value": "cs.yourintrinsichealth.com/dot.gif"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "b1e56d27-b249-4ec4-98cc-04c5928c67dc",
"value": "scripts.chickensdone.com/cx"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "02ba5d76-f74d-4f06-9c12-0a047bcfff99",
"value": "167.179.78.159/cm"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "e779c3e6-fa4d-4e04-bb1c-708c6b3f1294",
"value": "167.179.78.159/push"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "9f957714-0da4-4ac1-88d0-3a20431c2fa4",
"value": "lsass.cloud/pixel"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "a8be673c-93d2-4a54-b7e9-2463b5d326e4",
"value": "mesteratosr.me/api"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "98df11a4-30bf-4239-bfd5-7a2eeb29c303",
"value": "185.162.235.111/pixel.gif"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "93a70769-7a52-4887-ab34-0071cf841d73",
"value": "185.162.235.111/en_US/all.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "978f68ff-525b-4f56-8140-bc43570aeab5",
"value": "185.162.235.111/j.ad"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "3684c1ca-584c-426a-9d9e-681f90867371",
"value": "172.19.178.93/ga.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "73858011-cfeb-4bcf-b858-99e669fa33a8",
"value": "172.19.178.93/ca"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "128a4de7-f58e-4911-af65-d1e85013a1fc",
"value": "servupdates.com/ga.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "3e59ec67-eade-4f38-ba38-c6e47a8104dd",
"value": "servupdates.com/ptj"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "225a6ce9-329e-49b6-9d73-05a114c25683",
"value": "servupdates.com/ca"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "122f14c6-4f21-4998-b1fc-2cca227b0139",
"value": "142.202.205.57/updates.rss"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "f60c090a-e650-4daa-925d-cf45d512a681",
"value": "108.166.207.133/cm"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "108854c1-afe8-4b20-a15c-018244cd6c2b",
"value": "108.166.207.133/pixel"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "cf648da5-93c9-46bb-8e2a-73d4fa736766",
"value": "3.137.217.140/dot.gif"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "1be8eb51-2893-485e-821e-1ef77298bede",
"value": "www.mssql.tk/cx"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "eb05844b-0223-4423-bb66-e745e3778486",
"value": "www.mssql.tk/IE9CompatViewList.xml"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "eef1e52e-bae9-4514-8354-abdb52f49437",
"value": "42.192.145.157/ga.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "584a5077-c2b3-497e-9041-861d8dbe3ce0",
"value": "42.192.145.157/cm"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "80c68e30-fbd9-4da3-9064-af5f11e90cbf",
"value": "42.192.145.157/IE9CompatViewList.xml"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "d5408b0b-5aad-4eb4-87e0-088a789f8ef3",
"value": "42.192.145.157/push"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "9fc947ff-abfb-4805-a802-97e22cf42914",
"value": "162.241.127.180/j.ad"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "506ebc8e-2a5b-4729-9edf-81ca17329e2d",
"value": "104.247.196.106/cx"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "025a2340-dc3e-47c2-96a0-f91be7bb18f7",
"value": "103.117.72.60/ptj"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "3d346534-20c4-4377-b515-31aa5e5953d4",
"value": "outlook-1.azureedge.net/static/css/main.d22d3525.chunk.css"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "69cf018a-1a8b-4ace-8d30-f83f6671dede",
"value": "a93.xyz/IE9CompatViewList.xml"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "f3c7a756-4072-433f-8bbb-cc0c4d21d0c4",
"value": "167.179.66.246/ptj"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "8bc9ac2a-9cae-4631-890a-31d9a4ffa146",
"value": "http://daiwa-cm-us.azureedge.net//ro13.64.101.24/ro"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "81338ccc-1ddd-4d43-9ca3-5e3dce1ae129",
"value": "145.249.106.134/ga.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "f184ef82-f674-4f55-9fde-d8e5195a64ed",
"value": "145.249.106.134/dpixel"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "79dcb2ef-3723-4f6d-ade1-c9ffacba4d02",
"value": "145.249.106.134/cm"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "173b3b9b-6104-420e-863e-598af599efa1",
"value": "218.253.251.89/fwlink"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "7c960e90-cca3-4754-9d8c-143663179c94",
"value": "194.5.249.55/dot.gif"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "cc5866e9-81ec-4956-8f4c-960ea859922a",
"value": "194.5.249.55/dpixel"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "9e4faf9e-822e-490c-aef6-70dc04411672",
"value": "194.5.249.55/cx"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604942",
"to_ids": true,
"type": "url",
"uuid": "c5eb6907-322e-4b32-97a7-293a539fa05d",
"value": "47.104.91.8/en_US/all.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604943",
"to_ids": true,
"type": "url",
"uuid": "d79eb25d-b726-4719-8a54-56ac4396af3f",
"value": "47.104.91.8/fwlink"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604943",
"to_ids": true,
"type": "url",
"uuid": "143ec3b0-0af1-40cb-8d2c-2bde6222fdcb",
"value": "45.141.84.32/dpixel"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604943",
"to_ids": true,
"type": "url",
"uuid": "1f657410-e8c8-4277-9ed2-83fb8ae04fa5",
"value": "45.141.84.32/visit.js"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604943",
"to_ids": true,
"type": "url",
"uuid": "e09b1e5d-1425-487b-a2e5-960caf80b04d",
"value": "45.141.84.32/IE9CompatViewList.xml"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "e4f21093-84dd-4862-b37b-3bc5ee18ea94",
"value": "66.228.39.123"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "e3e1e26c-ef1e-42cd-a606-7ee75b457c6e",
"value": "54.226.33.66"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "72afbb14-4393-420c-a9fe-16144bbd7a7c",
"value": "175.24.246.200"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "30ab8781-7225-49f6-bfc6-fd485b6be520",
"value": "52.15.240.204"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "fe02ce66-8a8d-4fe8-bb14-e077e5d36e75",
"value": "3.133.160.202"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "70c162fc-fe93-49c4-89d1-4b2d446324ee",
"value": "47.91.237.42"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "40646ad7-a147-4a8e-9d09-4f1af05ad3f3",
"value": "167.179.78.159"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "b41a562d-45d4-4285-8371-cf047076be53",
"value": "62.57.104.87"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "657e7f54-66b8-4e2c-8ef8-1f82e57e9253",
"value": "116.63.189.240"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "a9f14d6c-a626-46fd-ba44-ba0228730252",
"value": "139.155.49.43"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "b22becbc-b286-4fae-b81c-4f3dafffaa3d",
"value": "45.33.77.77"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "78b2ee8c-b1ae-44c8-b06c-d51a1a6c6a7b",
"value": "193.168.147.249"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "0d4a81e8-f801-4cfc-a1cd-d146a13ec0ca",
"value": "154.209.86.57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "d9ba3e0d-6751-4b95-b9c7-c594bb35bf5c",
"value": "185.207.154.19"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "1c17a6bc-fbda-4b03-a44c-4dd76c76278b",
"value": "185.162.235.111"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "54b7f0a7-b3c1-471a-a51f-59a4d3f872c4",
"value": "122.51.197.5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "210882c2-52d3-4c16-86db-f0f2a7d016cd",
"value": "193.34.166.73"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "d3492ba3-6d21-4875-abcf-599d971630bf",
"value": "152.32.253.210"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "ca8eaa5a-1cb0-4f76-bacc-009f34c28910",
"value": "185.181.102.197"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "8bb0385f-29c8-47a1-8e64-9a3d7654c8d8",
"value": "142.202.205.57"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "512dc9e4-39fd-483a-9c37-33732ff2fc2f",
"value": "108.166.207.133"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "90fed0f9-30c3-405a-b140-5ae7b3bc0d00",
"value": "3.137.217.140"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "513f4f23-5529-48e1-9dcb-92dedb518186",
"value": "121.4.69.24"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "b3e64d81-deb3-4dc7-86fd-0f3beddaf946",
"value": "39.96.9.238"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "ea1d9320-f2fb-4ff3-b6d1-f867dc2e7528",
"value": "148.70.139.64"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "e5aecfb6-27a9-41c1-89d4-7cfbb86518b9",
"value": "47.101.43.224"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "6a5a355d-2a5e-4ff2-b82a-a4638e7bf7f0",
"value": "47.97.65.242"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "41fa73c2-4463-484a-ac6d-36c087791fd0",
"value": "42.192.145.157"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "75029c0f-1302-4c59-a432-e841aaf98461",
"value": "162.241.127.180"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "c4a58643-4056-423c-8b11-337ea18de2e9",
"value": "104.247.196.106"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "9aff7ff2-2369-4b1b-bb20-2570b986e4f9",
"value": "146.185.132.43"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "13fd34df-5fcb-4b01-becf-6d708e8a903f",
"value": "103.117.72.60"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "a9af5349-77e8-4d0c-88b9-76278bb1634c",
"value": "185.189.183.173"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "a82a85b1-ec4c-4ec4-acdd-004df0f50a4d",
"value": "167.99.200.45"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604988",
"to_ids": true,
"type": "ip-src",
"uuid": "a08f04a8-b081-4865-a37a-1a27c07ea796",
"value": "167.179.66.246"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "c8c5683e-82ae-49dc-b1a2-d1c1c18e6fbc",
"value": "139.180.199.171"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "1fdeacac-2de6-45f7-80ab-d937cf50d05d",
"value": "13.64.101.24"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "27fbefcc-37e4-4d1a-9cce-e93eb60cc969",
"value": "202.182.125.249"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "3719f638-8a32-410f-a088-2ba92f75f901",
"value": "106.14.94.149"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "6bb8f113-d066-4070-b65a-43197b5b41d1",
"value": "60.12.215.101"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "ad15f4bb-8a55-4f57-ba0f-267060080e55",
"value": "145.249.106.134"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "1a3119e1-ae80-405c-911d-b3f2aefadef9",
"value": "193.187.118.232"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "f9884dcf-4510-4307-8f71-a72d3297f376",
"value": "218.253.251.89"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "47b12b84-eeaa-4aa5-8cf7-afb439266806",
"value": "194.5.249.55"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "2a24f995-126a-4713-9f6b-157225f2c83d",
"value": "47.104.91.8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "fc3b66b0-c894-4974-9e4c-23540d7bd952",
"value": "118.107.41.104"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "d13b268d-e82e-4b75-92ed-1488eb7269e4",
"value": "45.141.84.32"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "3ebae168-c560-48c7-a7de-0c09eccde1f6",
"value": "3.17.176.47"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "ed99ba56-4c65-4416-af26-658b059c0afe",
"value": "111.229.51.128"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "13906e4d-d2fb-43ff-b6c8-70a979c23083",
"value": "23.106.160.191"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "d0f2aa83-36ff-4fd1-8e72-3f8d0d3bd20a",
"value": "100.24.56.227"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1607604989",
"to_ids": true,
"type": "ip-src",
"uuid": "81996b71-19d5-4230-9a4a-6ed7d1f756ea",
"value": "45.199.110.164"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Paste or similar post from a website allowing to share privately or publicly posts.",
"meta-category": "misc",
"name": "paste",
"template_uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12",
"template_version": "5",
"timestamp": "1607605042",
"uuid": "c9f35ca0-b785-4690-8831-338c8eb35ffe",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "origin",
"timestamp": "1607605042",
"to_ids": false,
"type": "text",
"uuid": "8914c184-e266-48b8-bb4b-1d7ace03eda3",
"value": "pastebin.com"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "title",
"timestamp": "1607605042",
"to_ids": false,
"type": "text",
"uuid": "7207e756-0071-499c-8009-0a576457e179",
"value": "CobaltStrike C2s Dec2020_10"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1607605042",
"to_ids": false,
"type": "text",
"uuid": "fbdc9ea7-0eec-42b1-b3f3-38cc431b0556",
"value": "ImGlaCiuS"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1607605043",
"to_ids": false,
"type": "link",
"uuid": "d810405f-4746-4046-8fff-f7f7bc91b66d",
"value": "https://pastebin.com/Svw5vMvm"
}
]
}
]
}
}