{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2019-12-09",
|
|
"extends_uuid": "",
|
|
"info": "Tracking Powershell Empire C2 via Urlscan",
|
|
"publish_timestamp": "1589181499",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1588338859",
|
|
"uuid": "5deea6f2-568c-4fe3-a457-0d230a0a019b",
|
|
"Orgc": {
|
|
"name": "Hestat",
|
|
"uuid": "5cb1fe4f-5ebc-4dc2-b79f-4374b49abff9"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:mitre-tool=\"Empire - S0363\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#009922",
|
|
"local": "0",
|
|
"name": "Threat Source:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ff8a00",
|
|
"local": "0",
|
|
"name": "Source:Urlscan.io",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"local": "0",
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"local": "0",
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"local": "0",
|
|
"name": "osint:certainty=\"50\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-28ec-432c-89fb-e25974656a8a",
|
|
"value": "194.99.22.145"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-01ac-44d8-bad9-e25974656a8a",
|
|
"value": "https://194.99.22.145",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-34e8-48d9-9a36-e25974656a8a",
|
|
"value": "https://194.99.22.145/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-12e8-4045-9f5d-e25974656a8a",
|
|
"value": "81.150.206.83"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-ddc4-4a4b-919e-e25974656a8a",
|
|
"value": "http://81.150.206.83:443/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-c760-439a-ad7c-e25974656a8a",
|
|
"value": "167.172.197.56"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-ad54-4525-97ec-e25974656a8a",
|
|
"value": "http://167.172.197.56",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-963c-4d8e-8ba5-e25974656a8a",
|
|
"value": "88.150.137.138"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-2a60-40e8-b7bc-e25974656a8a",
|
|
"value": "https://msofficeadvices.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-c554-4293-a9ca-e25974656a8a",
|
|
"value": "188.166.19.143"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-fa94-4df0-ac46-e25974656a8a",
|
|
"value": "https://188.166.19.143",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-6620-47d5-9114-e25974656a8a",
|
|
"value": "45.67.231.104"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-21a4-4b94-aa08-e25974656a8a",
|
|
"value": "http://45.67.231.104",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-52fc-4a89-b42d-e25974656a8a",
|
|
"value": "34.65.152.49"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-68bc-41b0-8b00-e25974656a8a",
|
|
"value": "https://updates.esiotrot.xyz",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-2ae4-4385-86eb-e25974656a8a",
|
|
"value": "139.180.209.145"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-2dc0-40c8-9e77-e25974656a8a",
|
|
"value": "https://healthcare-registration.xyz",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-a170-4bfa-b839-e25974656a8a",
|
|
"value": "https://139.180.209.145/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-7440-447a-8c99-e25974656a8a",
|
|
"value": "18.222.125.41"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-069c-4a87-8da4-e25974656a8a",
|
|
"value": "https://test.safedatasystems.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-c4b8-4e11-bc0b-e25974656a8a",
|
|
"value": "13.58.172.43"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-7c94-4580-810f-e25974656a8a",
|
|
"value": "https://drivesecure.safedatasystems.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-0e28-4f99-b6a6-e25974656a8a",
|
|
"value": "194.36.190.54"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-a854-49d7-a119-e25974656a8a",
|
|
"value": "https://194.36.190.54:443",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-9870-4ff9-90bf-e25974656a8a",
|
|
"value": "45.33.104.234"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-63d4-47cd-bdf8-e25974656a8a",
|
|
"value": "http://iot-config-engine.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-d6d4-4532-bbe1-e25974656a8a",
|
|
"value": "198.46.227.15"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-3240-4cce-838e-e25974656a8a",
|
|
"value": "https://red.csirt.fun/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-9a2c-4ca6-b204-e25974656a8a",
|
|
"value": "185.227.68.86"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-f744-4b24-815e-e25974656a8a",
|
|
"value": "https://socialpolicies.org/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-cbe4-44bb-81d1-e25974656a8a",
|
|
"value": "123.116.96.233"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-4e60-4cdf-8b40-e25974656a8a",
|
|
"value": "http://noteyi.com:8886/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-479c-4874-963d-e25974656a8a",
|
|
"value": "167.71.191.55"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-0cc0-436c-8379-e25974656a8a",
|
|
"value": "https://lifeinsurancecoveragequotes.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-5110-4e84-a9a7-e25974656a8a",
|
|
"value": "https://socialpolicies.org",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-0c0c-470d-9ce6-e25974656a8a",
|
|
"value": "62.210.27.123"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-d964-498c-a1d3-e25974656a8a",
|
|
"value": "http://62.210.27.123",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-877c-42a1-a72b-e25974656a8a",
|
|
"value": "45.32.150.52"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-78e8-41b3-b153-e25974656a8a",
|
|
"value": "http://nbk-trainings.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-85ec-4921-803e-e25974656a8a",
|
|
"value": "77.81.110.76"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-b238-4e68-bc0c-e25974656a8a",
|
|
"value": "http://venusidea.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-1f9c-4b16-ba3e-e25974656a8a",
|
|
"value": "52.37.173.22"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-5dfc-4930-a726-e25974656a8a",
|
|
"value": "https://airwatch.aeratechnolgy.com/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541879",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb7-bad4-4c62-ba90-e25974656a8a",
|
|
"value": "185.216.35.182"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb7-7954-42f7-bd57-e25974656a8a",
|
|
"value": "https://functiondiscovery.net",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-3bfc-4e9c-a1b6-e25974656a8a",
|
|
"value": "207.148.85.242"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-fb8c-495e-844a-e25974656a8a",
|
|
"value": "http://207.148.85.242",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-782c-492a-a4ef-e25974656a8a",
|
|
"value": "142.93.137.2"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-cfb0-4eae-af95-e25974656a8a",
|
|
"value": "http://142.93.137.2",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-cf8c-4305-b802-e25974656a8a",
|
|
"value": "68.235.34.235"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-4fa8-45bf-bcf8-e25974656a8a",
|
|
"value": "http://google-settingsapi.fbapp.link",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-1c84-4079-b4a3-e25974656a8a",
|
|
"value": "104.167.109.246"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-79e4-41af-985d-e25974656a8a",
|
|
"value": "http://104.167.109.246",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-95e4-49a9-9253-e25974656a8a",
|
|
"value": "83.212.74.22"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-c548-4186-abb7-e25974656a8a",
|
|
"value": "http://83.212.74.22",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-4160-4a11-9c0d-e25974656a8a",
|
|
"value": "52.15.49.41"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-0f80-4f67-a82d-e25974656a8a",
|
|
"value": "http://ur.owned.fyi",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-c630-4f92-9eb6-e25974656a8a",
|
|
"value": "34.195.166.4"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-3a9c-4bd1-a80f-e25974656a8a",
|
|
"value": "http://emp.fourhorsemen.tech:8080",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-76e4-434d-8baa-e25974656a8a",
|
|
"value": "84.16.242.231"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-8e34-486f-b581-e25974656a8a",
|
|
"value": "https://endpointreserve.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-5c14-4952-93e4-e25974656a8a",
|
|
"value": "157.230.26.0"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-ddec-4516-a8e7-e25974656a8a",
|
|
"value": "http://157.230.26.0",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-57d0-4be6-a206-e25974656a8a",
|
|
"value": "195.201.23.134"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-964c-49c1-a9d2-e25974656a8a",
|
|
"value": "http://check.wittmann-it-security.org/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-f144-4510-bbb7-e25974656a8a",
|
|
"value": "2606:4700:30::6812:3594"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-34b8-436d-8a0a-e25974656a8a",
|
|
"value": "http://msdn.cloud",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-b58c-46ed-b06c-e25974656a8a",
|
|
"value": "167.99.60.195"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-c824-462f-b356-e25974656a8a",
|
|
"value": "http://167.99.60.195:80",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-87ec-499f-af6d-e25974656a8a",
|
|
"value": "157.230.231.108"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-a450-4a31-af69-e25974656a8a",
|
|
"value": "https://perksatwork.tk",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-a454-4c89-90d4-e25974656a8a",
|
|
"value": "18.225.11.235"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-d28c-48c4-adba-e25974656a8a",
|
|
"value": "https://fcbankfs01.departments.it.fisrv.help",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-5378-44f6-ab08-e25974656a8a",
|
|
"value": "64.231.208.45"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-23b0-4477-904f-e25974656a8a",
|
|
"value": "https://64.231.208.45",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-7168-4dad-ad2c-e25974656a8a",
|
|
"value": "185.117.75.116"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-7788-4c53-a223-e25974656a8a",
|
|
"value": "http://185.117.75.116",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-7060-465c-86b1-e25974656a8a",
|
|
"value": "185.245.84.106"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-d184-468d-b623-e25974656a8a",
|
|
"value": "https://officestorage.org/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-be1c-449c-a9b2-e25974656a8a",
|
|
"value": "5.226.139.30"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-9ef4-42c5-92b0-e25974656a8a",
|
|
"value": "https://5.226.139.30",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-5aec-46ee-ad66-e25974656a8a",
|
|
"value": "172.104.189.160"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-0368-40f7-860b-e25974656a8a",
|
|
"value": "http://172.104.189.160",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-b208-4d61-a7ec-e25974656a8a",
|
|
"value": "185.244.149.72"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-8ec0-483c-b908-e25974656a8a",
|
|
"value": "http://185.244.149.72",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-dd00-4d74-8a69-e25974656a8a",
|
|
"value": "45.76.81.45"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-de0c-47bb-99a3-e25974656a8a",
|
|
"value": "http://45.76.81.45",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-6944-4ef7-ad17-e25974656a8a",
|
|
"value": "51.144.106.161"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-7540-4f27-ab4f-e25974656a8a",
|
|
"value": "http://pladderballe.westeurope.cloudapp.azure.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-f824-4292-86bc-e25974656a8a",
|
|
"value": "http://localarea-search.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-a95c-4f5c-955c-e25974656a8a",
|
|
"value": "142.4.212.73"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-1ee4-4951-95a6-e25974656a8a",
|
|
"value": "http://142.4.212.73",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-7060-4d25-bbd9-e25974656a8a",
|
|
"value": "178.128.104.195"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541984",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-9ca4-4824-b05d-e25974656a8a",
|
|
"value": "http://zfsociety.duckdns.org",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-4abc-4db9-8948-e25974656a8a",
|
|
"value": "213.215.18.19"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-caa0-44ed-ad86-e25974656a8a",
|
|
"value": "http://timbaud.fr",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-dd54-4118-af3b-e25974656a8a",
|
|
"value": "http://stade-rennais.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-9fb4-4c26-8770-e25974656a8a",
|
|
"value": "199.247.14.183"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-e788-494d-98f3-e25974656a8a",
|
|
"value": "http://safeserverltd.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-bb7c-4c05-89f2-e25974656a8a",
|
|
"value": "http://offrespartenaires.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-2360-4e79-9484-e25974656a8a",
|
|
"value": "195.30.125.135"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-030c-4185-b522-e25974656a8a",
|
|
"value": "http://upload.secure-portal.de",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-3de0-4705-a2c2-e25974656a8a",
|
|
"value": "104.250.97.147"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-ce80-4423-a918-e25974656a8a",
|
|
"value": "http://update.missoulahealthcare.xyz",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-0020-4e85-8f87-e25974656a8a",
|
|
"value": "2606:4700:30::6818:6720"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-99e8-4901-b250-e25974656a8a",
|
|
"value": "http://ticketsmasters.win",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-1ab4-4422-98ba-e25974656a8a",
|
|
"value": "http://testb.nsd.li",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541983",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-53bc-442b-9ac3-e25974656a8a",
|
|
"value": "http://survey.fiduciaqad.de",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-64bc-45c9-9a68-e25974656a8a",
|
|
"value": "23.105.219.17"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-7e70-4b2b-9a5c-e25974656a8a",
|
|
"value": "http://sssvr.club",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-3f88-4de0-bf7e-e25974656a8a",
|
|
"value": "http://ptir.g-statics.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-8b2c-497a-8cc9-e25974656a8a",
|
|
"value": "http://privedsales.ignorelist.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-9070-44b3-9a41-e25974656a8a",
|
|
"value": "198.100.147.70"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-b27c-434a-a036-e25974656a8a",
|
|
"value": "http://ns503220.ip-198-100-147.net",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-4278-4738-b119-e25974656a8a",
|
|
"value": "http://ns2.pentest.fr",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-f564-4a4b-b9ae-e25974656a8a",
|
|
"value": "146.185.253.140"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-50ec-458b-8741-e25974656a8a",
|
|
"value": "http://mediareleasedtoday.net",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-5de8-479e-bc8b-e25974656a8a",
|
|
"value": "http://mail.geschenk-mit-herz.org",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-a4c4-4335-8e5c-e25974656a8a",
|
|
"value": "23.100.18.249"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-ae28-4207-9043-e25974656a8a",
|
|
"value": "http://magicum.eastus.cloudapp.azure.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-8964-49e5-8c8b-e25974656a8a",
|
|
"value": "http://m.stade-rennais.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-39f8-4181-a5b6-e25974656a8a",
|
|
"value": "http://kasperskylab.ignorelist.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-5b68-4822-9bf8-e25974656a8a",
|
|
"value": "23.254.164.197"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-f848-4842-8814-e25974656a8a",
|
|
"value": "http://hwsrv-298769.hostwindsdns.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-5424-49ca-8b38-e25974656a8a",
|
|
"value": "47.244.13.123"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-49b8-4653-b855-e25974656a8a",
|
|
"value": "http://hk.0-9.club",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-0a2c-42a4-96d8-e25974656a8a",
|
|
"value": "87.213.173.189"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-f18c-45ad-af6d-e25974656a8a",
|
|
"value": "http://gipsy.sarlaith.org",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-896c-4675-b339-e25974656a8a",
|
|
"value": "http://geschenk-mit-herz.org",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-096c-4847-8b3a-e25974656a8a",
|
|
"value": "104.244.72.144"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-aaa0-417f-86f1-e25974656a8a",
|
|
"value": "http://frezer.mooo.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-cf28-4963-ae56-e25974656a8a",
|
|
"value": "http://files.missoulahealthcare.xyz",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-ad50-416a-8e69-e25974656a8a",
|
|
"value": "http://fiduciaqad.de",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-81a0-454e-98d4-e25974656a8a",
|
|
"value": "http://fax.fiduciaqad.de",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-9650-4783-88f8-e25974656a8a",
|
|
"value": "13.89.241.234"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-55d8-467f-a767-e25974656a8a",
|
|
"value": "http://executivejewishdating.com",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-7fe8-4a20-b9d4-e25974656a8a",
|
|
"value": "217.182.38.136"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-bec8-4266-9038-e25974656a8a",
|
|
"value": "http://cylog.club",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-2670-463a-9ece-e25974656a8a",
|
|
"value": "http://calcon.secure-portal.de",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb8-e68c-4553-916b-e25974656a8a",
|
|
"value": "http://bw-spieibanken.de",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541880",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb8-9378-4b37-aff9-e25974656a8a",
|
|
"value": "87.213.175.189"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-6540-417f-a732-e25974656a8a",
|
|
"value": "http://backlash.sarlaith.org",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-8b50-4a32-a064-e25974656a8a",
|
|
"value": "http://amazon.secure-portal.de",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-a5bc-40d1-bc07-e25974656a8a",
|
|
"value": "2606:4700:30::6818:6620"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-808c-4913-a68d-e25974656a8a",
|
|
"value": "94.140.116.216"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-3674-47d1-8eeb-e25974656a8a",
|
|
"value": "http://94.140.116.216:443/admin",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-ced4-4574-9f4b-e25974656a8a",
|
|
"value": "23.82.185.140"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-4408-49ea-af02-e25974656a8a",
|
|
"value": "http://23.82.185.140:443/news.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-b640-4bdf-b242-e25974656a8a",
|
|
"value": "45.147.228.91"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-3b90-407e-a6a3-e25974656a8a",
|
|
"value": "http://45.147.228.91:443/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-a7f8-4ef6-b0fb-e25974656a8a",
|
|
"value": "45.76.21.239"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-8a20-4bb1-b9b3-e25974656a8a",
|
|
"value": "http://45.76.21.239:443/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-e648-455f-856f-e25974656a8a",
|
|
"value": "http://45.76.21.239:443/admin/get.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-1e38-4b2f-b993-e25974656a8a",
|
|
"value": "http://45.76.21.239:443/news.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-8d24-4faa-ade0-e25974656a8a",
|
|
"value": "176.121.14.143"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-a620-412b-9754-e25974656a8a",
|
|
"value": "http://176.121.14.143:9050/admin/get.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-3a70-4cb7-bb18-e25974656a8a",
|
|
"value": "212.114.52.151"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541956",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-d090-4b91-b395-e25974656a8a",
|
|
"value": "http://212.114.52.151:443/news.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-7034-4d81-b4f1-e25974656a8a",
|
|
"value": "45.147.228.89"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-8cfc-4f04-ba72-e25974656a8a",
|
|
"value": "http://45.147.228.89:443/admin/get.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-246c-4e51-99d9-e25974656a8a",
|
|
"value": "81.22.45.235"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-22e0-4f1e-8d1e-e25974656a8a",
|
|
"value": "http://81.22.45.235:80",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-8a08-4e30-abe3-e25974656a8a",
|
|
"value": "http://81.22.45.235:8080",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-bf1c-445a-82e5-e25974656a8a",
|
|
"value": "45.147.228.95"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-9a58-4060-b490-e25974656a8a",
|
|
"value": "http://45.147.228.95:443/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-5ac4-4df4-ac44-e25974656a8a",
|
|
"value": "45.76.27.238"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541956",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-db70-4a10-987f-e25974656a8a",
|
|
"value": "http://45.76.27.238:443/admin/get.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-32f4-41b6-a331-e25974656a8a",
|
|
"value": "66.42.70.193"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541956",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-ea64-4cc9-9eed-e25974656a8a",
|
|
"value": "http://66.42.70.193:443/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-66bc-45bf-a42e-e25974656a8a",
|
|
"value": "176.121.14.159"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-26a0-42aa-8730-e25974656a8a",
|
|
"value": "http://176.121.14.159:443/admin/get.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-43a0-4e41-8790-e25974656a8a",
|
|
"value": "45.77.64.186"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-2970-45b1-85a6-e25974656a8a",
|
|
"value": "http://45.77.64.186:443/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-432c-4322-b3f9-e25974656a8a",
|
|
"value": "91.235.129.170"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-118c-4bd6-a81c-e25974656a8a",
|
|
"value": "https://91.235.129.170/news.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-03dc-4c24-9c81-e25974656a8a",
|
|
"value": "195.123.212.217"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-bd48-4ffe-bd19-e25974656a8a",
|
|
"value": "http://195.123.212.217/news.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-1be8-402d-87ed-e25974656a8a",
|
|
"value": "http://195.123.212.217/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-ada0-427c-81f2-e25974656a8a",
|
|
"value": "109.94.110.136"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-17a4-4d42-9ed9-e25974656a8a",
|
|
"value": "https://109.94.110.136:443/admin/get.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-0398-4cc3-b1bd-e25974656a8a",
|
|
"value": "192.243.103.89"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-3514-49bc-aeb9-e25974656a8a",
|
|
"value": "https://192.243.103.89:443/news.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-d30c-4a9b-a90c-e25974656a8a",
|
|
"value": "194.36.189.9"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-b5d8-4d73-959e-e25974656a8a",
|
|
"value": "https://194.36.189.9/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-7d94-4944-973a-e25974656a8a",
|
|
"value": "185.16.41.219"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-b314-4d1a-ac14-e25974656a8a",
|
|
"value": "https://185.16.41.219:80/admin/get.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-0e4c-490a-8a91-e25974656a8a",
|
|
"value": "https://185.16.41.219/news.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-d0b4-4afe-a585-e25974656a8a",
|
|
"value": "216.189.154.85"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-4178-4093-8ea0-e25974656a8a",
|
|
"value": "https://216.189.154.85:443/news.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-9d00-4b83-919b-e25974656a8a",
|
|
"value": "185.25.51.48"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541958",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-62c0-4285-9903-e25974656a8a",
|
|
"value": "http://185.25.51.48",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-7310-4255-8750-e25974656a8a",
|
|
"value": "http://185.25.51.48/4ehkbatOFTTUYZV",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-ff2c-480a-92e0-e25974656a8a",
|
|
"value": "5.188.231.109"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-5dd4-44ea-a8f1-e25974656a8a",
|
|
"value": "https://5.188.231.109:443/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-4938-407e-b19c-e25974656a8a",
|
|
"value": "162.244.32.42"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-61d0-49c9-93ea-e25974656a8a",
|
|
"value": "https://162.244.32.42/news.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-315c-40f8-afd6-e25974656a8a",
|
|
"value": "162.247.155.105"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-166c-4d73-bfc9-e25974656a8a",
|
|
"value": "http://162.247.155.105:443/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-f300-49a8-8039-e25974656a8a",
|
|
"value": "65.111.247.100"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-b054-4219-bbb2-e25974656a8a",
|
|
"value": "http://65.111.247.100:4444/file.ps1",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-6bd8-4cae-b421-e25974656a8a",
|
|
"value": "35.158.75.78"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-6ef4-4a52-881e-e25974656a8a",
|
|
"value": "http://35.158.75.78/index.html",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-efbc-4493-85af-e25974656a8a",
|
|
"value": "77.244.219.111"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-8a4c-412b-b6a5-e25974656a8a",
|
|
"value": "http://77.244.219.111:8080/admin/get.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-7554-4c5d-9290-e25974656a8a",
|
|
"value": "46.166.185.117"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541957",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-bee4-4803-a7fe-e25974656a8a",
|
|
"value": "http://46.166.185.117:8080/admin/get.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541881",
|
|
"to_ids": true,
|
|
"type": "ip-dst",
|
|
"uuid": "5df81eb9-c258-4c51-ab59-e25974656a8a",
|
|
"value": "40.126.251.3"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576541956",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5df81eb9-abac-4350-9195-e25974656a8a",
|
|
"value": "https://40.126.251.3/login/process.php",
|
|
"Tag": [
|
|
{
|
|
"colour": "#10e874",
|
|
"local": "0",
|
|
"name": "Powershell Empire",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e200a3",
|
|
"local": "0",
|
|
"name": "kill-chain:Command and Control",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Hashes of Powershell Empire C2 masquerade page",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576542108",
|
|
"to_ids": false,
|
|
"type": "sha256",
|
|
"uuid": "5df81f9c-e444-4b18-b8d4-986e0a0a019b",
|
|
"value": "b8c892fbb49921529be6f6ce17685c31724f76959111b28f39e39dc299b8acaf"
|
|
},
|
|
{
|
|
"category": "Artifacts dropped",
|
|
"comment": "Hashes of Powershell Empire C2 masquerade page",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576542108",
|
|
"to_ids": false,
|
|
"type": "sha256",
|
|
"uuid": "5df81f9c-db88-4915-bd59-986e0a0a019b",
|
|
"value": "a58fb107072d9523114a1b1f17fbf5e7a8b96da7783f24d84f83df34abc48576"
|
|
},
|
|
{
|
|
"category": "Support Tool",
|
|
"comment": "URLscan search for older Empire C2 hash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576542154",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5df81fca-fb1c-449f-ad16-986e0a0a019b",
|
|
"value": "https://urlscan.io/search/#hash%3Aa58fb107072d9523114a1b1f17fbf5e7a8b96da7783f24d84f83df34abc48576"
|
|
},
|
|
{
|
|
"category": "Support Tool",
|
|
"comment": "URLscan search for current Empire C2 hash",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576542243",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5df82023-b000-4d18-bd6a-deda0a0a019b",
|
|
"value": "https://urlscan.io/search/#hash%3Ab8c892fbb49921529be6f6ce17685c31724f76959111b28f39e39dc299b8acaf%20"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Original CSV with downloaded data from Urlscan searches",
|
|
"data": "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",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576542289",
|
|
"to_ids": false,
|
|
"type": "attachment",
|
|
"uuid": "5df82051-a630-4a54-bcc5-de9c0a0a019b",
|
|
"value": "empire.csv"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "Source of the MISP event",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1576589519",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5df8d8cf-a4a0-4391-9f86-4a11950d210f",
|
|
"value": "https://github.com/Hestat/intel-sharing/blob/master/powershell-empire-12-16-19/misp.event.7941.json"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1588338859",
|
|
"to_ids": true,
|
|
"type": "url",
|
|
"uuid": "5e2f32e8-68cc-423d-b58e-4a90950d210f",
|
|
"value": "https://officestorage.org:443"
|
|
}
|
|
]
|
|
}
|
|
} |